From a98ecb900fcb2feadfa77647b2fab3e75901fb36 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 00:18:43 +0000
Subject: [PATCH 1/7] fix(deps): bump org.slf4j:slf4j-api from 2.0.14 to 2.0.16
Bumps org.slf4j:slf4j-api from 2.0.14 to 2.0.16.
---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index d3d5d388..925d8029 100644
--- a/build.gradle
+++ b/build.gradle
@@ -46,7 +46,7 @@ jib {
project.ext {
mongoDbDriverVersion = "5.1.2"
- slf4jVersion = "2.0.14"
+ slf4jVersion = "2.0.16"
operatorFrameworkVersion = "4.9.2"
kubernetesServerMockVersion = "6.13.1" // align with transitive dependency of operator framework
mockitoVersion = "5.2.0"
From 9efe2cfd42e958160df5f2ebc445bcea50ae1f1a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 00:18:46 +0000
Subject: [PATCH 2/7] test(deps): bump org.apache.commons:commons-compress
Bumps org.apache.commons:commons-compress from 1.26.2 to 1.27.0.
---
updated-dependencies:
- dependency-name: org.apache.commons:commons-compress
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 925d8029..891eb797 100644
--- a/build.gradle
+++ b/build.gradle
@@ -118,7 +118,7 @@ dependencies {
// CVE-2024-25710 + CVE-2024-26308 in transitive version 1.25.0
exclude group: "org.apache.commons", module: "commons-compress"
}
- testImplementation 'org.apache.commons:commons-compress:1.26.2'
+ testImplementation 'org.apache.commons:commons-compress:1.27.0'
testImplementation "org.mongodb:mongodb-driver-legacy:${mongoDbDriverVersion}"
testImplementation "org.mockito:mockito-junit-jupiter:${mockitoVersion}", {
// conflict of 1.14.1 and 1.14.7 in uk.org.webcompere:system-stubs-jupiter
From 4e30b9e8238e1aa189ec194be8beaf6f32f69b8f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 02:18:51 +0200
Subject: [PATCH 3/7] fix(deps): bump mongoDbDriverVersion from 5.1.2 to 5.1.3
Bumps `mongoDbDriverVersion` from 5.1.2 to 5.1.3.
Updates `org.mongodb:mongodb-driver-sync` from 5.1.2 to 5.1.3
- [Release notes](https://github.com/mongodb/mongo-java-driver/releases)
- [Commits](https://github.com/mongodb/mongo-java-driver/compare/r5.1.2...r5.1.3)
Updates `org.mongodb:mongodb-driver-legacy` from 5.1.2 to 5.1.3
- [Release notes](https://github.com/mongodb/mongo-java-driver/releases)
- [Commits](https://github.com/mongodb/mongo-java-driver/compare/r5.1.2...r5.1.3)
---
updated-dependencies:
- dependency-name: org.mongodb:mongodb-driver-sync
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.mongodb:mongodb-driver-legacy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 891eb797..530cb5f2 100644
--- a/build.gradle
+++ b/build.gradle
@@ -45,7 +45,7 @@ jib {
}
project.ext {
- mongoDbDriverVersion = "5.1.2"
+ mongoDbDriverVersion = "5.1.3"
slf4jVersion = "2.0.16"
operatorFrameworkVersion = "4.9.2"
kubernetesServerMockVersion = "6.13.1" // align with transitive dependency of operator framework
From 46de8e703b737e2e35cce7b944331ce923101754 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 00:18:55 +0000
Subject: [PATCH 4/7] fix(deps): bump io.micrometer:micrometer-registry-prometheus
Bumps [io.micrometer:micrometer-registry-prometheus](https://github.com/micrometer-metrics/micrometer) from 1.13.2 to 1.13.3.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.13.2...v1.13.3)
---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-registry-prometheus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 530cb5f2..2f9974f9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -101,7 +101,7 @@ dependencies {
exclude group: "ch.qos.logback", module: "logback-core"
}
- implementation 'io.micrometer:micrometer-registry-prometheus:1.13.2'
+ implementation 'io.micrometer:micrometer-registry-prometheus:1.13.3'
// test
testImplementation enforcedPlatform("org.junit:junit-bom:5.10.3")
From a6ab9a57674f146790a6b14dfe46bd68a80143d2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Aug 2024 00:18:57 +0000
Subject: [PATCH 5/7] test(deps): bump org.awaitility:awaitility from 4.2.1 to 4.2.2
Bumps [org.awaitility:awaitility](https://github.com/awaitility/awaitility) from 4.2.1 to 4.2.2.
- [Changelog](https://github.com/awaitility/awaitility/blob/master/changelog.txt)
- [Commits](https://github.com/awaitility/awaitility/compare/awaitility-4.2.1...awaitility-4.2.2)
---
updated-dependencies:
- dependency-name: org.awaitility:awaitility
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 2f9974f9..3d217233 100644
--- a/build.gradle
+++ b/build.gradle
@@ -131,7 +131,7 @@ dependencies {
exclude group: 'net.bytebuddy', 'module': 'byte-buddy'
exclude group: 'net.bytebuddy', 'module': 'byte-buddy-agent'
}
- testImplementation 'org.awaitility:awaitility:4.2.1'
+ testImplementation 'org.awaitility:awaitility:4.2.2'
testImplementation "io.fabric8:kubernetes-server-mock:${kubernetesServerMockVersion}", {
// self managed to avoid conflicts
exclude group: "org.slf4j"
From c0d30e7b1d98aea9bf04538a0c9c3478d629b65b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Aug 2024 09:08:58 +0000
Subject: [PATCH 6/7] chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/89ef406dd8d7e03cfd12d9e0a4a378f454709029...834a144ee995460fba8ed112a2fc961b36a5ec5a)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] --- .github/workflows/cve-check.yml | 2 +- .github/workflows/java-ci.yml | 2 +- .github/workflows/publish-docs.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cve-check.yml b/.github/workflows/cve-check.yml index de83dc23..bfc8d342 100644 --- a/.github/workflows/cve-check.yml +++ b/.github/workflows/cve-check.yml @@ -144,7 +144,7 @@ jobs: - name: Upload CVE files if: failure() - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: cves path: cve_slack_payload_*.json diff --git a/.github/workflows/java-ci.yml b/.github/workflows/java-ci.yml index 22275193..012a4183 100644 --- a/.github/workflows/java-ci.yml +++ b/.github/workflows/java-ci.yml @@ -37,7 +37,7 @@ jobs: ./gradlew jibDockerBuild && docker run --rm --entrypoint="echo" mongodb-operator:latest 'image is not distroless' && exit 1 || echo 'image is distroless' - - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 if: always() with: name: java-ci-test-results diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index e567a949..f61e571b 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -31,7 +31,7 @@ jobs: run: mkdocs build --config-file mkdocs.yml && ls -al - name: Archive test build if: github.event_name == 'pull_request' - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: site path: | From cd306e7b60dc38f0289b5f4fd2fa85f3575fe4bb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Siebahn?=
Date: Mon, 19 Aug 2024 14:43:34 +0200
Subject: [PATCH 7/7] test(deps): stop managing apache commons compress
---
build.gradle | 3 ---
1 file changed, 3 deletions(-)
diff --git a/build.gradle b/build.gradle
index 3d217233..f518b41e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -115,10 +115,7 @@ dependencies {
// try to replace local commons-compress management on update!
testImplementation 'de.flapdoodle.embed:de.flapdoodle.embed.mongo:4.16.2', {
exclude group: "org.slf4j", module: "slf4j-api"
- // CVE-2024-25710 + CVE-2024-26308 in transitive version 1.25.0
- exclude group: "org.apache.commons", module: "commons-compress"
}
- testImplementation 'org.apache.commons:commons-compress:1.27.0'
testImplementation "org.mongodb:mongodb-driver-legacy:${mongoDbDriverVersion}"
testImplementation "org.mockito:mockito-junit-jupiter:${mockitoVersion}", {
// conflict of 1.14.1 and 1.14.7 in uk.org.webcompere:system-stubs-jupiter
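Review bot: Removing the `exclude` and the pinned `commons-compress:1.27.0` leaves the version to whatever `de.flapdoodle.embed.mongo` resolves transitively, yet that dependency is still `4.16.2` in this hunk and the deleted comment recorded its transitive commons-compress as 1.25.0 with CVE-2024-25710 and CVE-2024-26308. Nothing visible here shows that the resolved version is now a fixed one, so the commit should record the output of `./gradlew dependencyInsight --dependency commons-compress --configuration testRuntimeClasspath`, or keep a floor without a direct dependency via `constraints { testImplementation 'org.apache.commons:commons-compress:1.27.0' }`. The context line `// try to replace local commons-compress management on update!` is now stale, because the management it refers to is gone, and should be deleted along with it. The exposure is limited to the test classpath, but the repository's CVE check workflow may still flag the older version if it is pulled back in.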