
Commit 9ccdd68

varunreddy-egov, talele08, dependabot[bot] and claude
authored
Security patch (#1333)
* Bump ch.qos.logback:logback-classic in /core-services/egov-user (#1310)

  Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.2.0 to 1.2.13.
  - [Release notes](https://github.com/qos-ch/logback/releases)
  - [Commits](qos-ch/logback@v_1.2.0...v_1.2.13)

  ---
  updated-dependencies:
  - dependency-name: ch.qos.logback:logback-classic
    dependency-version: 1.2.13
    dependency-type: direct:production
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump org.postgresql:postgresql in /core-services/egov-location (#1311)

  Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.7 to 42.7.11.
  - [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
  - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
  - [Commits](pgjdbc/pgjdbc@REL42.7.7...REL42.7.11)

  ---
  updated-dependencies:
  - dependency-name: org.postgresql:postgresql
    dependency-version: 42.7.11
    dependency-type: direct:production
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix: pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

* Dependabot/maven/tutorials/backend developer guide/btr service/net.minidev json smart 2.5.2 (#1314)

  * Bump net.minidev:json-smart

    Bumps [net.minidev:json-smart](https://github.com/netplex/json-smart-v2) from 2.5.0 to 2.5.2.
    - [Release notes](https://github.com/netplex/json-smart-v2/releases)
    - [Commits](netplex/json-smart-v2@2.5.0...2.5.2)

    ---
    updated-dependencies:
    - dependency-name: net.minidev:json-smart
      dependency-version: 2.5.2
      dependency-type: direct:production
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

  * updated json-smart version

  ---------

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Dependabot/maven/core services/egov malware detection/commons io commons io 2.14.0 (#1316)

  * Bump commons-io:commons-io in /core-services/egov-malware-detection

    Bumps commons-io:commons-io from 2.11.0 to 2.14.0.

    ---
    updated-dependencies:
    - dependency-name: commons-io:commons-io
      dependency-version: 2.14.0
      dependency-type: direct:production
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

  * updated common.io

  ---------

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Dependabot/maven/core services/egov user/org.jsoup jsoup 1.15.3 (#1317)

  * Bump org.jsoup:jsoup from 1.10.2 to 1.15.3 in /core-services/egov-user

    Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.10.2 to 1.15.3.
    - [Release notes](https://github.com/jhy/jsoup/releases)
    - [Changelog](https://github.com/jhy/jsoup/blob/jsoup-1.15.3/CHANGES)
    - [Commits](jhy/jsoup@jsoup-1.10.2...jsoup-1.15.3)

    ---
    updated-dependencies:
    - dependency-name: org.jsoup:jsoup
      dependency-version: 1.15.3
      dependency-type: direct:production
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

  * Update jsoup dependency version to 1.15.3

  ---------

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump io.minio:minio from 7.1.4 to 8.6.0 in /core-services/egov-filestore (#1318)

  Bumps [io.minio:minio](https://github.com/minio/minio-java) from 7.1.4 to 8.6.0.
  - [Release notes](https://github.com/minio/minio-java/releases)
  - [Commits](minio/minio-java@7.1.4...8.6.0)

  ---
  updated-dependencies:
  - dependency-name: io.minio:minio
    dependency-version: 8.6.0
    dependency-type: direct:production
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump io.minio:minio in /core-services/egov-malware-detection (#1319)

  Bumps [io.minio:minio](https://github.com/minio/minio-java) from 8.5.7 to 8.6.0.
  - [Release notes](https://github.com/minio/minio-java/releases)
  - [Commits](minio/minio-java@8.5.7...8.6.0)

  ---
  updated-dependencies:
  - dependency-name: io.minio:minio
    dependency-version: 8.6.0
    dependency-type: direct:production
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump com.amazonaws:aws-java-sdk-s3 in /core-services/egov-filestore (#1321)

  Bumps [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.11.289 to 1.12.261.
  - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md)
  - [Commits](aws/aws-sdk-java@1.11.289...1.12.261)

  ---
  updated-dependencies:
  - dependency-name: com.amazonaws:aws-java-sdk-s3
    dependency-version: 1.12.261
    dependency-type: direct:production
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Kafka client will transitively pull the dependency

* Update tracer dependency version to 2.9.2-SNAPSHOT

* Filestore changes due to minio major version change

* Feat: Updated tracer version to 2.9.2

* Fix: Removed hardcoded postgresql version

* Patches for vulnerabilities

* Changes to dependencies in utilities

* Change branch for push trigger to 'security-patch'

* Clean up permissions in scorecard.yml (#1330)

  Removed commented-out permissions for private repositories.

* Add workflow_dispatch trigger to scorecard workflow

  Allows manual triggering from GitHub Actions UI and fixes the job condition to not skip runs triggered via workflow_dispatch on non-default branches.

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Fix scorecard publish_results to allow runs on non-default branches

  publish_results: true causes scorecard-action to abort on any branch other than master. Making it conditional lets manual/PR runs complete.

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Update scorecard.yml

* Update scorecard.yml

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: talele08 <talele08@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: talele08 <talele.aniket@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent b4f1845 commit 9ccdd68

34 files changed

Lines changed: 58 additions & 20 deletions


.github/workflows/scorecard.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,8 @@ on:
1212
schedule:
1313
- cron: '45 1 * * 4'
1414
push:
15-
branches: [ "security-patch" ]
15+
branches: [ "master" ]
16+
1617
workflow_dispatch:
1718

1819
# Declare default permissions as read only.
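Review bot: The replacement at 15+ restores `branches: [ "master" ]`, so the push trigger no longer fires on the `security-patch` branch that the commit message bullet "Change branch for push trigger to 'security-patch'" describes; if the intent is to run on master only once this PR merges, that bullet should be amended to say the change was reverted, otherwise a reader of the history will expect the opposite of what the file now says. The empty line added at 16+ looks unintended and can be dropped. Because `workflow_dispatch:` remains, manual runs on other branches are still possible, which matches the later "Add workflow_dispatch trigger" bullet.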

accelerators/gateway-kubernetes-discovery/go.mod

Lines changed: 2 additions & 2 deletions
@@ -4,6 +4,6 @@ go 1.13
44

55
require (
66
k8s.io/api v0.17.0
7-
k8s.io/apimachinery v0.17.0
8-
k8s.io/client-go v0.17.0
7+
k8s.io/apimachinery v0.17.9
8+
k8s.io/client-go v0.17.16
99
)
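Review bot: `k8s.io/api` stays at v0.17.0 on the unchanged line 6 while `k8s.io/apimachinery` moves to v0.17.9 and `k8s.io/client-go` to v0.17.16; these three modules are released together and are normally pinned to the same patch version, so consider bumping all three to v0.17.16 and running `go mod tidy` so that go.mod and go.sum reflect what the module graph actually resolves (client-go's own go.mod requires a matching k8s.io/api, so the effective version will differ from the one written here anyway). The `go 1.13` directive is well past end of support; raising it is out of scope for this patch but worth a follow-up.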

core-services/audit-service/pom.xml

Lines changed: 1 addition & 0 deletions
@@ -16,6 +16,7 @@
1616
<java.version>17</java.version>
1717
<tomcat.version>10.1.45</tomcat.version>
1818
<jackson-bom.version>2.18.6</jackson-bom.version>
19+
<logback.version>1.5.25</logback.version>
1920
<spring-framework.version>6.2.11</spring-framework.version>
2021
<postgresql.version>42.7.11</postgresql.version>
2122
</properties>
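Review bot: The new `<logback.version>1.5.25</logback.version>` at 19+ only changes the resolved artifact if logback is pulled in through the Spring Boot parent's dependency management, which honours that property name; a dependency declared with an explicit `<version>` anywhere in the module wins over the property. Confirm the override with `mvn dependency:tree -Dincludes=ch.qos.logback` in each module that received it. Logback 1.5.x also depends on SLF4J 2.x, so any library still shipping an SLF4J 1.7 binding needs attention; and the commit message bullet for egov-user bumps logback-classic only to 1.2.13, which leaves that module on a different line from the 1.5.25 set here.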

core-services/boundary-service/pom.xml

Lines changed: 2 additions & 0 deletions
@@ -9,6 +9,8 @@
99
<java.version>17</java.version>
1010
<maven.compiler.source>${java.version}</maven.compiler.source>
1111
<maven.compiler.target>${java.version}</maven.compiler.target>
12+
<jackson-bom.version>2.18.6</jackson-bom.version>
13+
<logback.version>1.5.25</logback.version>
1214
</properties>
1315
<parent>
1416
<groupId>org.springframework.boot</groupId>
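Review bot: This `<properties>` block gains `jackson-bom.version` and `logback.version` at 12+ and 13+ but, unlike every other pom touched in this commit, carries no `tomcat.version`, `spring-framework.version` or `postgresql.version` overrides; with the same `org.springframework.boot` parent shown on line 16 it will keep the parent's defaults for those, so either add the same overrides here or state in the commit message why boundary-service is different.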

core-services/egov-accesscontrol/pom.xml

Lines changed: 2 additions & 1 deletion
@@ -25,6 +25,7 @@
2525
<cache2k-version>1.2.0.Final</cache2k-version>
2626
<tomcat.version>10.1.45</tomcat.version>
2727
<jackson-bom.version>2.18.6</jackson-bom.version>
28+
<logback.version>1.5.25</logback.version>
2829
<spring-framework.version>6.2.11</spring-framework.version>
2930
<postgresql.version>42.7.11</postgresql.version>
3031
</properties>
@@ -83,7 +84,7 @@
8384
<dependency>
8485
<groupId>org.apache.commons</groupId>
8586
<artifactId>commons-lang3</artifactId>
86-
<version>3.0</version>
87+
<version>3.18.0</version>
8788
</dependency>
8889

8990
<dependency>
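Review bot: The move from `<version>3.0</version>` to `<version>3.18.0</version>` at 87+ spans more than a decade of commons-lang3 releases, so the module should be compiled and its tests run rather than treated as a drop-in replacement; check that any API deprecated along the way and used here still exists. For consistency with the `<properties>` overrides added in the hunk above (tomcat.version, logback.version and the rest), consider expressing this as a `commons-lang3.version` property instead of a literal inside the dependency element, which also makes the next bump a one-line change.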

core-services/egov-enc-service/pom.xml

Lines changed: 1 addition & 0 deletions
@@ -18,6 +18,7 @@
1818
<lombok.version>1.18.22</lombok.version>
1919
<tomcat.version>10.1.45</tomcat.version>
2020
<jackson-bom.version>2.18.6</jackson-bom.version>
21+
<logback.version>1.5.25</logback.version>
2122
<spring-framework.version>6.2.11</spring-framework.version>
2223
<postgresql.version>42.7.11</postgresql.version>
2324
</properties>

core-services/egov-filestore/pom.xml

Lines changed: 1 addition & 0 deletions
@@ -22,6 +22,7 @@
2222
<lombok.version>1.18.22</lombok.version>
2323
<tomcat.version>10.1.45</tomcat.version>
2424
<jackson-bom.version>2.18.6</jackson-bom.version>
25+
<logback.version>1.5.25</logback.version>
2526
<spring-framework.version>6.2.11</spring-framework.version>
2627
<postgresql.version>42.7.11</postgresql.version>
2728
</properties>

core-services/egov-idgen/pom.xml

Lines changed: 1 addition & 0 deletions
@@ -20,6 +20,7 @@
2020
<lombok.version>1.18.22</lombok.version>
2121
<tomcat.version>10.1.45</tomcat.version>
2222
<jackson-bom.version>2.18.6</jackson-bom.version>
23+
<logback.version>1.5.25</logback.version>
2324
<spring-framework.version>6.2.11</spring-framework.version>
2425
<postgresql.version>42.7.11</postgresql.version>
2526
</properties>

core-services/egov-indexer/pom.xml

Lines changed: 1 addition & 0 deletions
@@ -22,6 +22,7 @@
2222
<cache2k-version>1.2.0.Final</cache2k-version>
2323
<tomcat.version>10.1.45</tomcat.version>
2424
<jackson-bom.version>2.18.6</jackson-bom.version>
25+
<logback.version>1.5.25</logback.version>
2526
<spring-framework.version>6.2.11</spring-framework.version>
2627
<postgresql.version>42.7.11</postgresql.version>
2728
</properties>

core-services/egov-localization/pom.xml

Lines changed: 1 addition & 0 deletions
@@ -19,6 +19,7 @@
1919
<lombok.version>1.18.22</lombok.version>
2020
<tomcat.version>10.1.45</tomcat.version>
2121
<jackson-bom.version>2.18.6</jackson-bom.version>
22+
<logback.version>1.5.25</logback.version>
2223
<spring-framework.version>6.2.11</spring-framework.version>
2324
<postgresql.version>42.7.11</postgresql.version>
2425
</properties>
