From 147673da312ed9796cb6977b16d0913f263dbc9a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Jun 2025 20:44:12 +0000
Subject: [PATCH 1/7] chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.31.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5...76071ef0d7ec797419534a183b498b4d6366cf37)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/cve-check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cve-check.yml b/.github/workflows/cve-check.yml
index 2c9064c7..1beda08a 100644
--- a/.github/workflows/cve-check.yml
+++ b/.github/workflows/cve-check.yml
@@ -41,7 +41,7 @@ jobs:
 run: ./gradlew resolveAndLockAll --write-locks
 - name: Check for vulnerabilities
- uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
+ uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 # v0.31.0
 id: cve_check
 with:
 scan-type: 'fs'
From b776facec8b727df4a2c5f683a40f32a0d9c94c5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Jun 2025 00:05:07 +0000
Subject: [PATCH 2/7] fix(deps): bump io.netty:netty-bom from 4.2.1.Final to 4.2.2.Final
Bumps [io.netty:netty-bom](https://github.com/netty/netty) from 4.2.1.Final to 4.2.2.Final.
- [Commits](https://github.com/netty/netty/compare/netty-4.2.1.Final...netty-4.2.2.Final)
---
updated-dependencies:
- dependency-name: io.netty:netty-bom
  dependency-version: 4.2.2.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 8b96d055..be3fb8a0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -56,7 +56,7 @@ project.ext {
 mockitoVersion = "5.2.0"
 jacksonVersion = "2.19.0"
 logbackContribVersion = "0.1.5"
- nettyVersion = "4.2.1.Final"
+ nettyVersion = "4.2.2.Final"
 }
 dependencies {
From 1aa0230eb20b3b14d3c3025e8ea13cbb87fb4883 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Jun 2025 00:05:19 +0000
Subject: [PATCH 3/7] test(deps): bump org.junit:junit-bom from 5.13.0 to 5.13.1
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.13.0 to 5.13.1.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.13.0...r5.13.1)
---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 5.13.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index be3fb8a0..37a26389 100644
--- a/build.gradle
+++ b/build.gradle
@@ -102,7 +102,7 @@ dependencies {
 implementation 'io.micrometer:micrometer-registry-prometheus:1.15.0'
 // test
- testImplementation enforcedPlatform("org.junit:junit-bom:5.13.0")
+ testImplementation enforcedPlatform("org.junit:junit-bom:5.13.1")
 testImplementation 'org.junit.jupiter:junit-jupiter'
 testImplementation 'org.junit-pioneer:junit-pioneer:2.3.0'
 testImplementation 'org.assertj:assertj-core:3.27.3', {
From 83bd400a3e56d9058065efaa98535366e1570765 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Jun 2025 00:05:25 +0000
Subject: [PATCH 4/7] test(deps): bump de.flapdoodle.embed:de.flapdoodle.embed.mongo
Bumps [de.flapdoodle.embed:de.flapdoodle.embed.mongo](https://github.com/flapdoodle-oss/de.flapdoodle.embed.mongo) from 4.20.0 to 4.20.1.
- [Commits](https://github.com/flapdoodle-oss/de.flapdoodle.embed.mongo/compare/de.flapdoodle.embed.mongo-4.20.0...de.flapdoodle.embed.mongo-4.20.1)
---
updated-dependencies:
- dependency-name: de.flapdoodle.embed:de.flapdoodle.embed.mongo
  dependency-version: 4.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 37a26389..0677e9c9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -111,7 +111,7 @@ dependencies {
 exclude group: "net.bytebuddy", module: "byte-buddy-agent"
 }
 // try to replace local commons-compress management on update!
- testImplementation 'de.flapdoodle.embed:de.flapdoodle.embed.mongo:4.20.0', {
+ testImplementation 'de.flapdoodle.embed:de.flapdoodle.embed.mongo:4.20.1', {
 // newer version from operator-framework
 exclude group: "org.apache.commons", module: "commons-lang3"
 }
From 23c4f8c3977b7347022de318e3a269cf22a709bc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Jun 2025 00:05:30 +0000
Subject: [PATCH 5/7] fix(deps): bump org.bouncycastle:bcpkix-jdk18on from 1.80 to 1.81
Bumps [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java) from 1.80 to 1.81.
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)
---
updated-dependencies:
- dependency-name: org.bouncycastle:bcpkix-jdk18on
  dependency-version: '1.81'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 0677e9c9..f3051bfe 100644
--- a/build.gradle
+++ b/build.gradle
@@ -85,7 +85,7 @@ dependencies {
 implementation 'org.hibernate.validator:hibernate-validator:9.0.0.Final'
 implementation 'jakarta.el:jakarta.el-api:6.0.1'
- implementation 'org.bouncycastle:bcpkix-jdk18on:1.80'
+ implementation 'org.bouncycastle:bcpkix-jdk18on:1.81'
 implementation "io.javalin:javalin:6.6.0"
 // logging
From 104256462677feee55b9b7ea26804756203ce67b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Jun 2025 00:05:33 +0000
Subject: [PATCH 6/7] fix(deps): bump io.micrometer:micrometer-registry-prometheus
Bumps [io.micrometer:micrometer-registry-prometheus](https://github.com/micrometer-metrics/micrometer) from 1.15.0 to 1.15.1.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.15.0...v1.15.1)
---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-registry-prometheus
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index f3051bfe..c1de1827 100644
--- a/build.gradle
+++ b/build.gradle
@@ -99,7 +99,7 @@ dependencies {
 exclude group: "ch.qos.logback", module: "logback-core"
 }
- implementation 'io.micrometer:micrometer-registry-prometheus:1.15.0'
+ implementation 'io.micrometer:micrometer-registry-prometheus:1.15.1'
 // test
 testImplementation enforcedPlatform("org.junit:junit-bom:5.13.1")
From 077858c75bca608e588ea7a05166d52d185495fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Siebahn?=
Date: Wed, 11 Jun 2025 11:08:58 +0200
Subject: [PATCH 7/7] test(deps): prefer Bouncycastle from implementation
---
 build.gradle | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/build.gradle b/build.gradle
index c1de1827..86e9437b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -131,6 +131,8 @@ dependencies {
 testImplementation "io.fabric8:kubernetes-server-mock:${kubernetesServerMockVersion}", {
 exclude group: 'com.squareup.okio', module: 'okio'
 exclude group: 'junit', module: 'junit'
+ // comes in newer version directly for implementation scope
+ exclude group: 'org.bouncycastle', module: 'bcpkix-jdk18on'
 }
 // CVE-2020-15250 in 4.12
 // -> pulled transitively from OkHttp3 mockwebserver used by kubernetes-server-mock
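Review bot: The exclude added to the `kubernetes-server-mock` block in PATCH 7/7 covers only `bcpkix-jdk18on`, while that artifact normally brings `bcprov-jdk18on` and `bcutil-jdk18on` with it; if the goal is a single Bouncy Castle version on the test classpath, those siblings presumably still arrive through the mock's own graph. It is worth confirming with `./gradlew dependencies --configuration testRuntimeClasspath` that no older Bouncy Castle module remains in the resolved graph or in the lock files the CVE workflow scans, and, if one does, widening the line to `exclude group: 'org.bouncycastle'`. The comment could also record the reason rather than only the source, e.g. `// bcpkix is declared for implementation; drop the mock's transitive copy so only one version is resolved and scanned`. The `dependencies {` block opens and closes outside this hunk.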