From c42a347ec598c70962ae75bf6b4f2e299a7fee2b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Sep 2024 10:35:27 +0000 Subject: [PATCH 01/20] chore(deps): bump keycloak-js from 23.0.5 to 25.0.6 in /frontend Bumps [keycloak-js](https://github.com/keycloak/keycloak) from 23.0.5 to 25.0.6. - [Release notes](https://github.com/keycloak/keycloak/releases) - [Commits](https://github.com/keycloak/keycloak/compare/23.0.5...25.0.6) --- updated-dependencies: - dependency-name: keycloak-js dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- frontend/package-lock.json | 20 +++++++++++--------- frontend/package.json | 2 +- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/frontend/package-lock.json b/frontend/package-lock.json index a85752fc..3fa462da 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -1,18 +1,18 @@ { "name": "puris-frontend", - "version": "2.0.2", + "version": "2.1.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "puris-frontend", - "version": "2.0.2", + "version": "2.1.0", "license": "Apache-2.0", "dependencies": { "@catena-x/portal-shared-components": "^2.1.31", "@mui/icons-material": "^5.14.12", "@mui/material": "^5.14.12", - "keycloak-js": "^23.0.5", + "keycloak-js": "^25.0.6", "react": "^18.2.0", "react-dom": "^18.2.0", "react-markdown": "^8.0.5", @@ -2538,6 +2538,7 @@ }, "node_modules/base64-js": { "version": "1.5.1", + "dev": true, "funding": [ { "type": "github", @@ -3828,8 +3829,9 @@ "license": "MIT" }, "node_modules/js-sha256": { - "version": "0.10.1", - "license": "MIT" + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/js-sha256/-/js-sha256-0.11.0.tgz", + "integrity": "sha512-6xNlKayMZvds9h1Y1VWc0fQHQ82BxTXizWPEtEeGvmOUYpBRy4gbWroHLpzowe6xiQhHpelCQiE7HEdznyBL9Q==" }, "node_modules/js-tokens": { "version": "4.0.0", 
@@ -3904,11 +3906,11 @@ } }, "node_modules/keycloak-js": { - "version": "23.0.5", - "license": "Apache-2.0", + "version": "25.0.6", + "resolved": "https://registry.npmjs.org/keycloak-js/-/keycloak-js-25.0.6.tgz", + "integrity": "sha512-Km+dc+XfNvY6a4az5jcxTK0zPk52ns9mAxLrHj7lF3V+riVYvQujfHmhayltJDjEpSOJ4C8a57LFNNKnNnRP2g==", "dependencies": { - "base64-js": "^1.5.1", - "js-sha256": "^0.10.1", + "js-sha256": "^0.11.0", "jwt-decode": "^4.0.0" } }, diff --git a/frontend/package.json b/frontend/package.json index ef972226..59f381a1 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -19,7 +19,7 @@ "@catena-x/portal-shared-components": "^2.1.31", "@mui/icons-material": "^5.14.12", "@mui/material": "^5.14.12", - "keycloak-js": "^23.0.5", + "keycloak-js": "^25.0.6", "react": "^18.2.0", "react-dom": "^18.2.0", "react-markdown": "^8.0.5", From acd3961fa633212cccd5cd7b0c8e6594b82f5ab5 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Wed, 2 Oct 2024 09:20:18 -0700 Subject: [PATCH 02/20] ci: added workflow to run unit tests for backend --- .github/workflows/unit-test-backend.yaml | 51 ++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/unit-test-backend.yaml diff --git a/.github/workflows/unit-test-backend.yaml b/.github/workflows/unit-test-backend.yaml new file mode 100644 index 00000000..489383cb --- /dev/null +++ b/.github/workflows/unit-test-backend.yaml 
@@ -0,0 +1,51 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2024 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
+# (represented by Fraunhofer ISST)
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+---
+
+name: Unit Test - Backend
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ unit-test-backend:
+ if: github.repository_owner == 'eclipse-tractusx' # prevent running on forks
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Set up JDK 21
+ uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
+ with:
+ java-version: '21'
+ distribution: 'temurin'
+ cache: maven
+
+ - name: Build and test with Maven
+ run: |
+ cd backend
+ mvn clean install
From 0769ac25f28753a508df9954a6c04efb5b7f7581 Mon Sep 17 00:00:00 2001
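Review bot: The `permissions:` block on the `unit-test-backend` job grants `packages: write`, but the visible steps only check out the code, set up JDK 21 and run `mvn clean install` in `backend`; nothing in this file publishes a package. Because the workflow runs on `pull_request`, a PR opened from a branch in this repository would run its own build and test code with that write-scoped token. Unless something outside this file relies on registry access, replace the entry with `contents: read`, which is enough for the checkout. The `# prevent running on forks` guard only stops the workflow from running inside forked repositories, so it does not narrow what the token can do here.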
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Oct 2024 10:23:53 +0000 Subject: [PATCH 03/20] chore(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.1 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.6.1 to 3.7.1. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/988b5a0280414f521da01fcc63a27aeeb4b104db...c47758b77c9736f4b2ef4073d4d51994fabfe349) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-backend.yml | 2 +- .github/workflows/build-image-frontend.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-image-backend.yml b/.github/workflows/build-image-backend.yml index 0047544d..3528eefd 100644 --- a/.github/workflows/build-image-backend.yml +++ b/.github/workflows/build-image-backend.yml @@ -63,7 +63,7 @@ jobs: # Needed to create multi-platfrom image - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 # Needed to create multi-platfrom image - name: Set up QEMU diff --git a/.github/workflows/build-image-frontend.yml b/.github/workflows/build-image-frontend.yml index 8596fe85..e9339ee6 100644 --- a/.github/workflows/build-image-frontend.yml +++ b/.github/workflows/build-image-frontend.yml @@ -95,7 +95,7 @@ jobs: # Needed to create multi-platfrom image - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 # Create SemVer or ref tags dependent of trigger event - name: Docker meta 
From b70963b42a90d8ff96675dd8f6cf5b8f243b602f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Oct 2024 10:23:56 +0000 Subject: [PATCH 04/20] chore(deps): bump checkmarx/kics-github-action from 2.1.2 to 2.1.3 Bumps [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/checkmarx/kics-github-action/releases) - [Commits](https://github.com/checkmarx/kics-github-action/compare/530ac1f8efe6202b0f12c9a6e952597ae707b755...94469746ec2c43de89a42fb9d2a80070f5d25b16) --- updated-dependencies: - dependency-name: checkmarx/kics-github-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/kics.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 844166e3..757d3aac 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -50,7 +50,7 @@ jobs: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: KICS scan - uses: checkmarx/kics-github-action@530ac1f8efe6202b0f12c9a6e952597ae707b755 # v2.1.2 + uses: checkmarx/kics-github-action@94469746ec2c43de89a42fb9d2a80070f5d25b16 # v2.1.3 with: path: "." fail_on: high From 953363f64d2a8b64390fae090562f74da2c7ddc6 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 10:15:16 +0000 Subject: [PATCH 05/20] chore(deps): bump github/codeql-action from 3.26.10 to 3.26.12 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.10 to 3.26.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e2b3eafc8d227b0241d48be5f425d47c2d750a13...c36620d31ac7c881962c3d9dd939c40ec9434f2b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/kics.yml | 2 +- .github/workflows/trivy.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index fa6fd45a..b3d7e197 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -69,7 +69,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -93,7 +93,7 @@ jobs: # Automates dependency installation for Python, Ruby, and JavaScript, optimizing the CodeQL analysis setup. # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 # Command-line programs to run using the OS shell. # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -106,6 +106,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 844166e3..4fec196c 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -62,6 +62,6 @@ jobs: # Upload findings to GitHub Advanced Security Dashboard - name: Upload SARIF file for GitHub Advanced Security Dashboard if: always() - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: kicsResults/results.sarif diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 318d5202..22e1f85a 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -51,7 +51,7 @@ jobs: limit-severities-for-sarif: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 if: always() with: sarif_file: "trivy-results-1.sarif" @@ -78,6 +78,6 @@ jobs: limit-severities-for-sarif: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: "trivy-results-2.sarif" From 790e357d7fb31f9d7f4bef0e493a90c04ff3a432 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 10:30:35 +0000 Subject: [PATCH 06/20] chore(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.27.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.24.0 to 0.27.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8...5681af892cd0f4997658e2bacc62bd0a894cf564) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 318d5202..d3fad183 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -40,7 +40,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 + uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 with: image-ref: "tractusx/app-puris-frontend:latest" format: "sarif" @@ -67,7 +67,7 @@ jobs: steps: # Pull image from Docker Hub and run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 + uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 with: image-ref: "tractusx/app-puris-backend:latest" format: "sarif" From 316875159e5ab47128a2a3d71cf5a4151159b77e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 10:16:39 +0000 Subject: [PATCH 07/20] chore(deps): bump actions/setup-java from 4.2.2 to 4.4.0 Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.2.2 to 4.4.0. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/v4.2.2...b36c23c0d998641eff861008f374ee103c25ac73) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/unit-test-backend.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-test-backend.yaml b/.github/workflows/unit-test-backend.yaml index 489383cb..d5136565 100644 --- a/.github/workflows/unit-test-backend.yaml +++ b/.github/workflows/unit-test-backend.yaml 
@@ -39,7 +39,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up JDK 21 - uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 with: java-version: '21' distribution: 'temurin' From 352f72dda6fb2db80c56a8195257458c354c0128 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 10:16:45 +0000 Subject: [PATCH 08/20] chore(deps): bump actions/checkout from 4.1.7 to 4.2.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.7...eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-backend.yml | 2 +- .github/workflows/build-image-frontend.yml | 2 +- .github/workflows/chart-release.yaml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/dash-dependency-check.yml | 4 ++-- .github/workflows/helm-test.yml | 2 +- .github/workflows/kics.yml | 2 +- .github/workflows/render-puml-to-svg.yml | 2 +- .github/workflows/trivy.yml | 2 +- .github/workflows/trufflehog.yml | 2 +- .github/workflows/unit-test-backend.yaml | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-image-backend.yml b/.github/workflows/build-image-backend.yml index 3528eefd..b0a7eddf 100644 --- a/.github/workflows/build-image-backend.yml +++ b/.github/workflows/build-image-backend.yml 
@@ -49,7 +49,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 # Copy legal information from root dir to backend dir for publishing diff --git a/.github/workflows/build-image-frontend.yml b/.github/workflows/build-image-frontend.yml index e9339ee6..6278f4bc 100644 --- a/.github/workflows/build-image-frontend.yml +++ b/.github/workflows/build-image-frontend.yml @@ -53,7 +53,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Setup Node uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index 7e46d061..e5967eba 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b3d7e197..6f347140 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -65,7 +65,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/dash-dependency-check.yml b/.github/workflows/dash-dependency-check.yml index 7b9c70e4..7d7423e3 100644 --- a/.github/workflows/dash-dependency-check.yml +++ b/.github/workflows/dash-dependency-check.yml 
@@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Run dash id: run-dash @@ -51,7 +51,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up JDK 17 uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index 2ed64a4c..4c39862e 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 1c342cf7..6bc2b10b 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -47,7 +47,7 @@ jobs: security-events: write steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: KICS scan uses: checkmarx/kics-github-action@94469746ec2c43de89a42fb9d2a80070f5d25b16 # v2.1.3 diff --git a/.github/workflows/render-puml-to-svg.yml b/.github/workflows/render-puml-to-svg.yml index 63e3d653..ba00fcbd 100644 --- a/.github/workflows/render-puml-to-svg.yml +++ b/.github/workflows/render-puml-to-svg.yml 
@@ -42,7 +42,7 @@ jobs: needs: render-images steps: - name: checkout source repo - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: download generated svg file from job before uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v3 id: download diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 7cbb1c82..c03829cf 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -37,7 +37,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 20958044..873ab3d9 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -42,7 +42,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 # Ensure full clone for pull request workflows diff --git a/.github/workflows/unit-test-backend.yaml b/.github/workflows/unit-test-backend.yaml index 489383cb..45342bb4 100644 --- a/.github/workflows/unit-test-backend.yaml +++ b/.github/workflows/unit-test-backend.yaml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up JDK 21 uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 From 49ae5b80c396e092a6073b96ed7eff2e6f457172 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 10:16:50 +0000 Subject: [PATCH 09/20] chore(deps): bump trufflesecurity/trufflehog from 3.82.6 to 3.82.8 Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.82.6 to 3.82.8. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Changelog](https://github.com/trufflesecurity/trufflehog/blob/main/.goreleaser.yml) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/0328a19a9d3877c9f04d0dbee5717aabff5b575d...5280c3877c038b601658903fb98da62192f436d8) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/trufflehog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 20958044..718d8be3 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -48,7 +48,7 @@ jobs: - name: TruffleHog OSS id: trufflehog - uses: trufflesecurity/trufflehog@0328a19a9d3877c9f04d0dbee5717aabff5b575d #v3.82.6 + uses: trufflesecurity/trufflehog@5280c3877c038b601658903fb98da62192f436d8 #v3.82.8 continue-on-error: true with: path: ./ # Scan the entire repository From 8797587a0fb2be557406552c2fc0f3a1ee1cbf98 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 10:56:53 +0000 Subject: [PATCH 10/20] chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.12 to 3.26.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c36620d31ac7c881962c3d9dd939c40ec9434f2b...f779452ac5af1c261dce0346a8f964149f49322b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/kics.yml | 2 +- .github/workflows/trivy.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6f347140..cc3b3801 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -69,7 +69,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -93,7 +93,7 @@ jobs: # Automates dependency installation for Python, Ruby, and JavaScript, optimizing the CodeQL analysis setup. # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 # Command-line programs to run using the OS shell. # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -106,6 +106,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 6bc2b10b..8ec36f9b 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -62,6 +62,6 @@ jobs: # Upload findings to GitHub Advanced Security Dashboard - name: Upload SARIF file for GitHub Advanced Security Dashboard if: always() - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: kicsResults/results.sarif diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index c03829cf..9acebd86 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -51,7 +51,7 @@ jobs: limit-severities-for-sarif: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 if: always() with: sarif_file: "trivy-results-1.sarif" @@ -78,6 +78,6 @@ jobs: limit-severities-for-sarif: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: "trivy-results-2.sarif" From f7635c140e5587e147bbbda81351d9f47b98a658 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 10:54:06 +0000 Subject: [PATCH 11/20] chore(deps): bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.27.0 to 0.28.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/5681af892cd0f4997658e2bacc62bd0a894cf564...915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 9acebd86..bcb06707 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -40,7 +40,7 @@ jobs: uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: image-ref: "tractusx/app-puris-frontend:latest" format: "sarif" @@ -67,7 +67,7 @@ jobs: steps: # Pull image from Docker Hub and run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: image-ref: "tractusx/app-puris-backend:latest" format: "sarif" From 65d1df86ab48f5d9e4f6baa2f6a2c79b8f70f3db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 10:54:13 +0000 Subject: [PATCH 12/20] chore(deps): bump trufflesecurity/trufflehog from 3.82.8 to 3.82.9 Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.82.8 to 3.82.9. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Changelog](https://github.com/trufflesecurity/trufflehog/blob/main/.goreleaser.yml) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/5280c3877c038b601658903fb98da62192f436d8...8988cb51be4c97bcd362d7524fc67b47ac967a58) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/trufflehog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index b69d75b6..de40cd5f 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml 
@@ -48,7 +48,7 @@ jobs: - name: TruffleHog OSS id: trufflehog - uses: trufflesecurity/trufflehog@5280c3877c038b601658903fb98da62192f436d8 #v3.82.8 + uses: trufflesecurity/trufflehog@8988cb51be4c97bcd362d7524fc67b47ac967a58 #v3.82.9 continue-on-error: true with: path: ./ # Scan the entire repository From 9c7340b5d72e6856247335db75312b523568cc60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Oct 2024 11:05:04 +0000 Subject: [PATCH 13/20] chore(deps): bump trufflesecurity/trufflehog from 3.82.9 to 3.82.11 Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.82.9 to 3.82.11. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Changelog](https://github.com/trufflesecurity/trufflehog/blob/main/.goreleaser.yml) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/8988cb51be4c97bcd362d7524fc67b47ac967a58...b66c1670749c06f8d18f96bcbc5a6b80f7a7108e) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/trufflehog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index de40cd5f..912f1b1b 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -48,7 +48,7 @@ jobs: - name: TruffleHog OSS id: trufflehog - uses: trufflesecurity/trufflehog@8988cb51be4c97bcd362d7524fc67b47ac967a58 #v3.82.9 + uses: trufflesecurity/trufflehog@b66c1670749c06f8d18f96bcbc5a6b80f7a7108e #v3.82.11 continue-on-error: true with: path: ./ # Scan the entire repository From 381037bbae27cc534e8057a6bf664c120233d038 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 10:52:40 +0000 Subject: [PATCH 14/20] chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f779452ac5af1c261dce0346a8f964149f49322b...662472033e021d55d94146f66f6058822b0b39fd) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/kics.yml | 2 +- .github/workflows/trivy.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index cc3b3801..9b081bf7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -69,7 +69,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -93,7 +93,7 @@ jobs: # Automates dependency installation for Python, Ruby, and JavaScript, optimizing the CodeQL analysis setup. # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 # Command-line programs to run using the OS shell. # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -106,6 +106,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 8ec36f9b..fcfacd47 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -62,6 +62,6 @@ jobs: # Upload findings to GitHub Advanced Security Dashboard - name: Upload SARIF file for GitHub Advanced Security Dashboard if: always() - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: kicsResults/results.sarif diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index bcb06707..a25fde3e 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -51,7 +51,7 @@ jobs: limit-severities-for-sarif: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 if: always() with: sarif_file: "trivy-results-1.sarif" 
@@ -78,6 +78,6 @@ jobs: limit-severities-for-sarif: true - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: "trivy-results-2.sarif" From 5f8da757bb0d009bdf8a98be83bf873572351c61 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Oct 2024 10:11:52 +0000 Subject: [PATCH 15/20] chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-backend.yml | 2 +- .github/workflows/build-image-frontend.yml | 2 +- .github/workflows/chart-release.yaml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/dash-dependency-check.yml | 4 ++-- .github/workflows/helm-test.yml | 2 +- .github/workflows/kics.yml | 2 +- .github/workflows/render-puml-to-svg.yml | 2 +- .github/workflows/trivy.yml | 2 +- .github/workflows/trufflehog.yml | 2 +- .github/workflows/unit-test-backend.yaml | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-image-backend.yml b/.github/workflows/build-image-backend.yml index b0a7eddf..44989751 100644 --- a/.github/workflows/build-image-backend.yml +++ b/.github/workflows/build-image-backend.yml 
@@ -49,7 +49,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Copy legal information from root dir to backend dir for publishing diff --git a/.github/workflows/build-image-frontend.yml b/.github/workflows/build-image-frontend.yml index 6278f4bc..e4deb790 100644 --- a/.github/workflows/build-image-frontend.yml +++ b/.github/workflows/build-image-frontend.yml @@ -53,7 +53,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Node uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index e5967eba..088c6505 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9b081bf7..012828eb 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -65,7 +65,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/dash-dependency-check.yml b/.github/workflows/dash-dependency-check.yml index 7d7423e3..7ff5e2d0 100644 --- a/.github/workflows/dash-dependency-check.yml +++ b/.github/workflows/dash-dependency-check.yml 
@@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run dash id: run-dash @@ -51,7 +51,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 17 uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index 4c39862e..54e7da8d 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index fcfacd47..e4bdebbc 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -47,7 +47,7 @@ jobs: security-events: write steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: KICS scan uses: checkmarx/kics-github-action@94469746ec2c43de89a42fb9d2a80070f5d25b16 # v2.1.3 diff --git a/.github/workflows/render-puml-to-svg.yml b/.github/workflows/render-puml-to-svg.yml index ba00fcbd..0b934f07 100644 --- a/.github/workflows/render-puml-to-svg.yml +++ b/.github/workflows/render-puml-to-svg.yml 
@@ -42,7 +42,7 @@ jobs: needs: render-images steps: - name: checkout source repo - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: download generated svg file from job before uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v3 id: download diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index a25fde3e..d4b490ef 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -37,7 +37,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 912f1b1b..da2ba985 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -42,7 +42,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Ensure full clone for pull request workflows diff --git a/.github/workflows/unit-test-backend.yaml b/.github/workflows/unit-test-backend.yaml index 1829ac65..c2058c44 100644 --- a/.github/workflows/unit-test-backend.yaml +++ b/.github/workflows/unit-test-backend.yaml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 21 uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 From d961abfe4efcf87145e190fefbebb38fd03ad8c2 Mon Sep 17 00:00:00 2001 
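Review bot: In `.github/workflows/render-puml-to-svg.yml` the context line `uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v3` carries only a major-version comment, unlike the other pins in this series, which record the exact release. The page does not show which release that commit belongs to, and the trailing comment is what a reviewer reads when judging whether a pin is current. I would confirm the tag the SHA resolves to and write it out in full, e.g. `# vX.Y.Z` (placeholder). The artifact comes from the `render-images` job outside this hunk, so also check that its upload-artifact step uses the matching major version, since artifacts are not interchangeable between the v3 and v4 actions.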
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:46:54 +0000 Subject: [PATCH 16/20] chore(deps): bump actions/setup-python from 5.2.0 to 5.3.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/f677139bbe7f9c59b41e40162b753c062f5d49a3...0b93645e9fea7318ecaed2b359559ac225c90a2b) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index 54e7da8d..73842736 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml @@ -86,7 +86,7 @@ jobs: with: version: ${{ github.event.inputs.helm_version || 'latest' }} - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.9' check-latest: true From f63981e3ba10d03caa67bf036d518fea6b003d3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:46:58 +0000 Subject: [PATCH 17/20] chore(deps): bump actions/setup-java from 4.4.0 to 4.5.0 Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.4.0 to 4.5.0. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/b36c23c0d998641eff861008f374ee103c25ac73...8df1039502a15bceb9433410b1a100fbe190c53b) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/dash-dependency-check.yml | 2 +- .github/workflows/unit-test-backend.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 012828eb..544abcc0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -82,7 +82,7 @@ jobs: - name: Setup java for backend # Ensures that the workflow only runs for 'java' if: ${{ matrix.language == 'java' }} - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 with: java-version: 21 distribution: temurin diff --git a/.github/workflows/dash-dependency-check.yml b/.github/workflows/dash-dependency-check.yml index 7ff5e2d0..52a93d9f 100644 --- a/.github/workflows/dash-dependency-check.yml +++ b/.github/workflows/dash-dependency-check.yml @@ -54,7 +54,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 17 - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 with: java-version: '17' distribution: 'temurin' diff --git a/.github/workflows/unit-test-backend.yaml b/.github/workflows/unit-test-backend.yaml index c2058c44..534da302 100644 --- a/.github/workflows/unit-test-backend.yaml +++ b/.github/workflows/unit-test-backend.yaml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 21 - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 with: java-version: '21' distribution: 'temurin' From b565c99ff92e7c8298a72720be4d72c83d6cdfe0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:47:01 +0000 Subject: [PATCH 18/20] chore(deps): bump actions/setup-node from 4.0.4 to 4.1.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.4 to 4.1.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/0a44ba7841725637a19e28fa30b79a866c81b0a6...39370e3970a6d050c480ffad4ff0ed4d3fdee5af) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-frontend.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-frontend.yml b/.github/workflows/build-image-frontend.yml index e4deb790..b91cb9c9 100644 --- a/.github/workflows/build-image-frontend.yml +++ b/.github/workflows/build-image-frontend.yml @@ -56,7 +56,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Node - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: 20 registry-url: https://registry.npmjs.org/ From 3dc0e5b4aafbb68307428500fb966ac4db9e9597 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:47:05 +0000 Subject: [PATCH 19/20] chore(deps): bump trufflesecurity/trufflehog from 3.82.11 to 3.82.13 Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.82.11 to 3.82.13. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Changelog](https://github.com/trufflesecurity/trufflehog/blob/main/.goreleaser.yml) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/b66c1670749c06f8d18f96bcbc5a6b80f7a7108e...1aa1871f9ae24a8c8a3a48a9345514acf42beb39) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/trufflehog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index da2ba985..6d9ff5cb 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -48,7 +48,7 @@ jobs: - name: TruffleHog OSS id: trufflehog - uses: trufflesecurity/trufflehog@b66c1670749c06f8d18f96bcbc5a6b80f7a7108e #v3.82.11 + uses: trufflesecurity/trufflehog@1aa1871f9ae24a8c8a3a48a9345514acf42beb39 #v3.82.13 continue-on-error: true with: path: ./ # Scan the entire repository From a0cff09d854009971b9835739b4e34cc7c4b82f7 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Thu, 21 Nov 2024 00:03:59 -0800 Subject: [PATCH 20/20] chore(./DEPENDENCIES_FRONTEND): updated due to keycloak-js --- DEPENDENCIES_FRONTEND | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/DEPENDENCIES_FRONTEND b/DEPENDENCIES_FRONTEND index ae7460a3..5894716e 100644 --- a/DEPENDENCIES_FRONTEND +++ b/DEPENDENCIES_FRONTEND 
@@ -42,7 +42,7 @@ npm/npmjs/-/concat-map/0.0.1, MIT, approved, clearlydefined npm/npmjs/-/convert-source-map/1.9.0, MIT, approved, clearlydefined npm/npmjs/-/convert-source-map/2.0.0, MIT, approved, clearlydefined npm/npmjs/-/cosmiconfig/7.1.0, MIT, approved, #4975 -npm/npmjs/-/cross-spawn/7.0.3, MIT, approved, clearlydefined +npm/npmjs/-/cross-spawn/7.0.3, MIT, approved, #17146 npm/npmjs/-/cssesc/3.0.0, MIT, approved, clearlydefined npm/npmjs/-/csstype/3.1.3, MIT, approved, #11847 npm/npmjs/-/date-fns/2.30.0, MIT, approved, clearlydefined @@ -68,7 +68,7 @@ npm/npmjs/-/escalade/3.1.1, MIT, approved, clearlydefined npm/npmjs/-/escape-string-regexp/1.0.5, MIT, approved, clearlydefined npm/npmjs/-/escape-string-regexp/4.0.0, MIT, approved, clearlydefined npm/npmjs/-/eslint-plugin-react-hooks/4.6.0, MIT, approved, clearlydefined -npm/npmjs/-/eslint-plugin-react-refresh/0.4.5, MIT, approved, clearlydefined +npm/npmjs/-/eslint-plugin-react-refresh/0.4.5, MIT, approved, #16852 npm/npmjs/-/eslint-scope/7.2.2, BSD-2-Clause, approved, #9916 npm/npmjs/-/eslint-visitor-keys/3.4.3, Apache-2.0, approved, #15274 npm/npmjs/-/eslint/8.56.0, MIT AND ISC AND OFL-1.1 AND CC-BY-SA-2.0-UK, approved, #12110 @@ -132,7 +132,7 @@ npm/npmjs/-/isexe/2.0.0, ISC, approved, clearlydefined npm/npmjs/-/jackspeak/2.3.6, BlueOak-1.0.0, approved, #10783 npm/npmjs/-/jiti/1.21.0, MIT, approved, clearlydefined npm/npmjs/-/jquery/3.7.1, MIT, approved, clearlydefined -npm/npmjs/-/js-sha256/0.10.1, MIT, approved, clearlydefined +npm/npmjs/-/js-sha256/0.11.0, MIT, approved, clearlydefined npm/npmjs/-/js-tokens/4.0.0, MIT, approved, #2401 npm/npmjs/-/js-yaml/4.1.0, MIT, approved, clearlydefined npm/npmjs/-/jsesc/2.5.2, MIT, approved, clearlydefined 
@@ -143,7 +143,7 @@ npm/npmjs/-/json-stable-stringify-without-jsonify/1.0.1, MIT, approved, clearlyd npm/npmjs/-/json2mq/0.2.0, MIT, approved, clearlydefined npm/npmjs/-/json5/2.2.3, MIT, approved, #15226 npm/npmjs/-/jwt-decode/4.0.0, MIT, approved, clearlydefined -npm/npmjs/-/keycloak-js/23.0.5, Apache-2.0 AND MIT AND EPL-1.0 AND LicenseRef-scancode-oasis-ws-security-spec AND W3C AND LicenseRef-scancode-ws-policy-specification AND W3C AND W3C-19980720 AND (AFL-2.1 OR LGPL-2.0-only) AND (Apache-2.0 AND MIT) AND (Apache-2.0 AND MIT), approved, #11737 +npm/npmjs/-/keycloak-js/25.0.6, Apache-2.0, approved, clearlydefined npm/npmjs/-/keyv/4.5.4, MIT, approved, #4674 npm/npmjs/-/kleur/4.1.5, MIT, approved, clearlydefined npm/npmjs/-/levn/0.4.1, MIT, approved, clearlydefined @@ -267,10 +267,8 @@ npm/npmjs/-/source-map-js/1.2.0, BSD-3-Clause, approved, #15272 npm/npmjs/-/source-map/0.5.7, BSD-3-Clause, approved, #2400 npm/npmjs/-/space-separated-tokens/2.0.2, MIT, approved, clearlydefined npm/npmjs/-/string-convert/0.2.1, MIT, approved, clearlydefined -npm/npmjs/-/string-width-cjs/4.2.3, MIT, approved, #11627 npm/npmjs/-/string-width/4.2.3, MIT, approved, clearlydefined npm/npmjs/-/string-width/5.1.2, MIT, approved, clearlydefined -npm/npmjs/-/strip-ansi-cjs/6.0.1, MIT, approved, #11643 npm/npmjs/-/strip-ansi/6.0.1, MIT, approved, clearlydefined npm/npmjs/-/strip-ansi/7.1.0, MIT, approved, #8735 npm/npmjs/-/strip-json-comments/3.1.1, MIT, approved, clearlydefined 
@@ -309,7 +307,7 @@ npm/npmjs/-/vfile/5.3.7, MIT, approved, clearlydefined npm/npmjs/-/vite/5.3.3, MIT AND (ISC AND MIT) AND (Apache-2.0 AND BSD-2-Clause AND BlueOak-1.0.0 AND CC0-1.0 AND ISC AND MIT) AND (BSD-3-Clause AND MIT) AND ISC AND (BSD-2-Clause AND BSD-3-Clause), approved, #15461 npm/npmjs/-/void-elements/3.1.0, MIT, approved, clearlydefined npm/npmjs/-/which/2.0.2, ISC, approved, clearlydefined -npm/npmjs/-/wrap-ansi-cjs/7.0.0, MIT, approved, #11631 +npm/npmjs/-/wrap-ansi/7.0.0, MIT, approved, clearlydefined npm/npmjs/-/wrap-ansi/8.1.0, MIT, approved, clearlydefined npm/npmjs/-/wrappy/1.0.2, ISC, approved, clearlydefined npm/npmjs/-/yallist/3.1.1, ISC, approved, clearlydefined @@ -407,7 +405,7 @@ npm/npmjs/@mui/material/5.14.12, , approved, #9917 npm/npmjs/@mui/private-theming/5.14.12, MIT, approved, #10973 npm/npmjs/@mui/styled-engine/5.14.20, MIT, approved, #10971 npm/npmjs/@mui/system/5.14.12, MIT AND CC-BY-3.0, approved, #9905 -npm/npmjs/@mui/types/7.2.13, MIT, approved, clearlydefined +npm/npmjs/@mui/types/7.2.13, MIT, approved, #16017 npm/npmjs/@mui/utils/5.14.12, MIT AND CC-BY-3.0, approved, #9891 npm/npmjs/@mui/utils/5.14.20, MIT AND CC-BY-3.0, approved, #9891 npm/npmjs/@mui/x-data-grid/6.18.7, MIT AND ISC, approved, #11696 @@ -446,7 +444,7 @@ npm/npmjs/@types/mdast/3.0.15, MIT, approved, clearlydefined npm/npmjs/@types/ms/0.7.34, MIT, approved, #10811 npm/npmjs/@types/node/20.8.3, MIT, approved, #10804 npm/npmjs/@types/parse-json/4.0.2, MIT, approved, clearlydefined -npm/npmjs/@types/prop-types/15.7.11, MIT, approved, clearlydefined +npm/npmjs/@types/prop-types/15.7.11, MIT, approved, #16176 npm/npmjs/@types/react-dom/18.2.18, MIT, approved, #8256 npm/npmjs/@types/react-transition-group/4.4.10, MIT, approved, #8416 npm/npmjs/@types/react/18.2.48, MIT, approved, #8234