From ec09fc2f6666d1d12a37f983e03aab7a22f0ce6f Mon Sep 17 00:00:00 2001
From: "QSL\\SumathiT"
Date: Mon, 20 Jan 2025 16:47:27 -0800
Subject: [PATCH] Security: Dependabot findings.
---
.../build.from.developer.branch.deploy.to.dev.yml | 2 +-
.../build.from.main.branch.deploy.to.dev.yml | 2 +-
.../build.from.release.branch.deploy.to.dev.yml | 2 +-
.github/workflows/on.pr.yml | 5 +++--
api/pom.xml | 13 +++++++------
5 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml
index 4b92f7f1..f92be54d 100644
--- a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml
+++ b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml
@@ -63,7 +63,7 @@ jobs:
echo "TAG=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV - name: Login to Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
with: registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }} username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }}
diff --git a/.github/workflows/build.from.main.branch.deploy.to.dev.yml b/.github/workflows/build.from.main.branch.deploy.to.dev.yml
index df65cb95..2ea5459d 100644
--- a/.github/workflows/build.from.main.branch.deploy.to.dev.yml
+++ b/.github/workflows/build.from.main.branch.deploy.to.dev.yml
@@ -49,7 +49,7 @@ jobs:
echo "TAG=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV - name: Login to Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
with: registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }} username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }}
diff --git a/.github/workflows/build.from.release.branch.deploy.to.dev.yml b/.github/workflows/build.from.release.branch.deploy.to.dev.yml
index 4dddfdb2..63341ff5 100644
--- a/.github/workflows/build.from.release.branch.deploy.to.dev.yml
+++ b/.github/workflows/build.from.release.branch.deploy.to.dev.yml
@@ -58,7 +58,7 @@ jobs:
echo "TAG=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV - name: Login to Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
with: registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }} username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }}
diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml
index 07e25ce7..f33413bf 100644
--- a/.github/workflows/on.pr.yml
+++ b/.github/workflows/on.pr.yml
@@ -21,8 +21,9 @@ jobs:
with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Set up JDK 18
- uses: actions/setup-java@v1
+ uses: actions/setup-java@v4
with:
+ distribution: 'corretto'
java-version: 18 - uses: actions/cache@v1 with:
@@ -42,7 +43,7 @@ jobs:
severity: 'CRITICAL' - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
with: sarif_file: 'trivy-results.sarif' - name: Cache SonarCloud packages
diff --git a/api/pom.xml b/api/pom.xml
index 48b58f75..9b9b03e2 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -24,11 +24,11 @@ src/main/java/ca/bc/gov/educ/api/ruleengine/util/** 18 - 3.10.1 + 3.13.0 ${java.version} ${java.version} 4.12 - 2.18.0 + 2.24.3
@@ -56,7 +56,8 @@ com.oracle.database.jdbc - ojdbc8 + ojdbc11 + 23.6.0.24.10 runtime
@@ -83,7 +84,7 @@ org.modelmapper modelmapper - 3.1.0 + 3.2.2 org.springframework.boot
@@ -115,7 +116,7 @@ commons-io commons-io - 2.11.0 + 2.18.0 org.apache.logging.log4j
@@ -213,7 +214,7 @@ org.hibernate.orm.tooling hibernate-enhance-maven-plugin - 6.1.1.Final + 6.6.5.Final
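Review bot: In `.github/workflows/on.pr.yml` (hunk `@@ -21,8 +21,9 @@`), the `- uses: actions/cache@v1` step right after the updated setup-java step is left on v1 while every other action in this patch is raised; the v1 and v2 majors of the cache action have, as far as I know, been retired by GitHub, so it should move to a current major such as `- uses: actions/cache@v4`. The retained `java-version: 18` is a non-LTS release that no longer gets security updates, which sits oddly in a commit about Dependabot findings. The new references here and in the three deploy workflows (`docker/login-action@v3`, `actions/setup-java@v4`, `github/codeql-action/upload-sarif@v3`) are movable tags; pinning each to a full commit SHA, with the tag kept in a trailing comment, would protect the registry-login step in particular. The job definition starts and ends outside the hunk.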
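Review bot: In `api/pom.xml` (hunk `@@ -56,7 +56,8 @@`), the `com.oracle.database.jdbc` dependency changes artifact from `ojdbc8` to `ojdbc11` and gains a hard-coded `23.6.0.24.10` where the old entry showed no version, so this is a driver swap rather than a bump. Presumably the version used to come from a parent or BOM; the explicit value now overrides it and can drift from any other Oracle artifacts still managed there, which is worth checking with `mvn dependency:tree`. A comment next to the new line such as `<!-- explicit ojdbc11 version: overrides the managed one -->` would record the intent. The element markup is stripped on this page, so the tag names are inferred.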