Commit

Merge pull request #118 from catenax-ng/dependabot-issues-fix
chore dependabot fixes for github actions
almadigabor authored May 13, 2024
2 parents 96949c6 + 54180ca commit 84995e4
Showing 7 changed files with 50 additions and 36 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/Release-charts.yml
Expand Up @@ -48,11 +48,11 @@ jobs:
git config user.email "[email protected]"
- name: Install Helm
uses: azure/setup-helm@v3
uses: azure/setup-helm@v4

Check warning on line 51 in .github/workflows/Release-charts.yml

GitHub Actions / Analyze

[LOW] Unpinned Actions Full Length Commit SHA

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Run chart-releaser
uses: helm/chart-releaser-action@v1.4.1
uses: helm/chart-releaser-action@v1.6.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
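Review bot: the bumps at `uses: azure/setup-helm@v4` and `uses: helm/chart-releaser-action@v1.6.0` keep both actions on mutable tags, which is exactly what the Analyze annotation on line 51 flags (`[LOW] Unpinned Actions Full Length Commit SHA`); pin each to a full-length commit SHA taken from the action's own repository (not a fork) and keep the tag in a trailing comment, e.g. `uses: azure/setup-helm@<full-sha> # v4`, so dependabot can still track updates.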
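As an added, defender-side illustration of the annotation above (not code from this repository or from dependabot): a small Python check that flags `uses:` references in a workflow that are not pinned to a full-length commit SHA. The sample workflow text is constructed from the action references in this commit plus one hypothetical SHA-pinned step whose SHA is a placeholder.

```python
import re

# Constructed sample: the `uses:` lines from the workflows in this commit,
# plus a SHA-pinned step (placeholder SHA) and a local action for contrast.
SAMPLE_WORKFLOW = """\
jobs:
  release:
    steps:
      - name: Install Helm
        uses: azure/setup-helm@v4
      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.6.0
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.20.0
      - name: Checkout (pinned, placeholder SHA)
        uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - name: Local composite action
        uses: ./.github/actions/local
"""

# `uses:` may appear as a list item (`- uses:`) or on its own indented line.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned(workflow_text):
    """Return (line_no, ref) for each third-party action reference that is
    not pinned to a 40-hex commit SHA. Local (./...) and docker:// references
    are skipped because SHA pinning does not apply to them."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("\"'")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:          # no version at all: floats to default branch
            findings.append((n, ref))
            continue
        _, version = ref.rsplit("@", 1)
        if not FULL_SHA_RE.match(version):
            findings.append((n, ref))
    return findings


if __name__ == "__main__":
    for line_no, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {line_no}: unpinned action reference {ref}")
```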
3 changes: 2 additions & 1 deletion .github/workflows/dependencies.yml
@@ -1,5 +1,6 @@
# #############################################################################
# Copyright (c) 2023 Contributors to the Eclipse Foundation
# Copyright (c) 2024 T-Systems International GmbH
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
Expand Down Expand Up @@ -34,7 +35,7 @@ jobs:
steps:

- name: Set up JDK 17
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
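Review bot: `actions/setup-java@v4` is again a mutable tag, so the same Analyze finding applies here; pin it to a full-length commit SHA with the version kept in a trailing comment.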
2 changes: 1 addition & 1 deletion .github/workflows/dockerbuild.yml
Expand Up @@ -72,7 +72,7 @@ jobs:
- name: DockerHub login
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
# Use existing DockerHub credentials present as secrets
username: ${{ secrets.DOCKER_HUB_USER }}
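Review bot: `docker/login-action@v3` is a mutable tag like the other bumps in this commit; pin it to a full-length commit SHA. The `if: github.event_name != 'pull_request'` guard above it is the right shape, since it keeps `DOCKER_HUB_USER` and the accompanying secret out of pull-request runs.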
7 changes: 4 additions & 3 deletions .github/workflows/trivy-scan.yml
Expand Up @@ -33,7 +33,8 @@ on:

jobs:

analyze-config:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
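Review bot: renaming the job id from `analyze-config` to `analyze` changes the identifier anything else uses to address this job (`needs:` in this workflow, or configuration keyed on the job id); the display name stays `Analyze`, so the check name in the UI does not change, but confirm nothing still references the old id.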
Expand All @@ -42,9 +43,9 @@ jobs:

steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.18.0
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: "tractusx/managed-simple-data-exchanger-backend:latest" # Pull image from Docker Hub and run Trivy vulnerability scanner
image-ref: "tractusx/managed-simple-data-exchanger-frontend:latest" # Pull image from Docker Hub and run Trivy vulnerability scanner
format: "sarif"
output: "trivy-results.sarif"
exit-code: "1" # Trivy exits with code 1 if vulnerabilities are found, causing the workflow step to fail.
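Review bot: the `image-ref` change from `managed-simple-data-exchanger-backend:latest` to `managed-simple-data-exchanger-frontend:latest` is a functional fix (this is the frontend repository, per the CHANGELOG links), not a dependabot bump, and it appears in neither the commit message nor the CHANGELOG hunk; call it out. Separately, scanning the `latest` tag pulled from Docker Hub reports on whatever was last published rather than the code that triggered the run, so `exit-code: "1"` does not actually gate this change; scanning the image built in `dockerbuild.yml`, or a tag tied to the commit, would.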
10 changes: 7 additions & 3 deletions CHANGELOG.md
Expand Up @@ -13,9 +13,12 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
- Policy related documentations updated.

### Changed
- Upload data api implemetation moved to RTK query for better performance.
- Upload data api implementation moved to RTK query for better performance.
- Consumer: Fetching policy information from EDC for offer details overlay

## [2.3.7] - 2024-05-09
- Bumped version for release 24.03 to match with backend version (hotfix issue in fixed backend).

## [2.3.6] - 2024-03-08
### Added
- Policy overlay descriptions.
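Review bot: the new `## [2.3.7] - 2024-05-09` entry puts its bullet directly under the release heading, while every other release on this page groups bullets under `### Added` / `### Changed`; the parenthetical `(hotfix issue in fixed backend)` also reads as a word-order slip, presumably `(hotfix for an issue fixed in the backend)`. Consider a `### Changed` subsection and a reworded bullet.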
Expand All @@ -27,7 +30,7 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
- legal information added to docker image.
- trivy workflow steps updated.
- PCF Documentation update
- Download file functions code optimisations.
- Download file functions code optimizations.
- Page layout css fixes.

### Known defects
Expand Down Expand Up @@ -264,7 +267,8 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
- Compliance with Catena-X Guidelines
- Integration with Digital Twin registry service.

[unreleased]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.3.6...main
[unreleased]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.3.7...main
[2.3.7]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.3.6...v2.3.7
[2.3.6]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.3.5...v2.3.6
[2.3.5]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.3.3...v2.3.5
[2.3.3]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.3.2...v2.3.3
52 changes: 30 additions & 22 deletions package-lock.json

Some generated files are not rendered by default.

8 changes: 4 additions & 4 deletions package.json
Expand Up @@ -41,11 +41,11 @@
"file-saver": "^2.0.5",
"i18next": "^23.11.1",
"i18next-browser-languagedetector": "^7.2.1",
"keycloak-js": "^21.1.1",
"keycloak-js": "^24.0.4",
"lodash": "^4.17.21",
"moment": "^2.29.4",
"react": "^18.2.0",
"react-dom": "^18.2.0",
"react-dom": "^18.3.1",
"react-dropzone": "^14.2.3",
"react-hook-form": "^7.46.2",
"react-i18next": "^14.1.0",
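Review bot: `"keycloak-js"` goes from `^21.1.1` to `^24.0.4`, three major versions of the authentication client, in a commit whose message says it only fixes GitHub Actions; a bump of that size should be reviewed and tested on its own (login, token refresh, logout) and recorded in the CHANGELOG. Also `"react-dom"` moves to `^18.3.1` while `"react"` stays at `^18.2.0`; react-dom declares a peer dependency on the matching react version, so bump `"react"` to `^18.3.1` in the same change.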
Expand All @@ -62,7 +62,7 @@
"@types/lodash": "^4.14.185",
"@types/node": "^20.12.4",
"@types/react": "^18.2.74",
"@types/react-dom": "^18.2.24",
"@types/react-dom": "^18.3.0",
"@types/react-redux": "^7.1.33",
"@types/react-router-dom": "^5.3.3",
"@types/react-slick": "^0.23.13",
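Review bot: same mismatch for the type packages: `"@types/react-dom"` moves to `^18.3.0` while `"@types/react"` stays at `^18.2.74`; keep the two in step with the runtime `react` / `react-dom` versions.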
Expand Down Expand Up @@ -97,4 +97,4 @@
"build:custom-config": "bash scripts/custom-config.sh",
"check:dependencies": "java -jar ./scripts/download/org.eclipse.dash.licenses.jar ./package-lock.json -project automotive.tractusx -summary DEPENDENCIES || true"
}
}
}
