From b8b258af9c78ae20b12205b2b29a191313fa238b Mon Sep 17 00:00:00 2001 From: Lari Hotari Date: Thu, 28 Dec 2023 20:50:06 +0200 Subject: [PATCH 1/3] [improve][CI] Improve OWASP dependency check: restore check & upgrade - restore check accidentially removed by PR # --- .github/workflows/ci-owasp-dependency-check.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci-owasp-dependency-check.yaml b/.github/workflows/ci-owasp-dependency-check.yaml index 0ee1275bdfefc..c6ce36c6ab79e 100644 --- a/.github/workflows/ci-owasp-dependency-check.yaml +++ b/.github/workflows/ci-owasp-dependency-check.yaml @@ -84,6 +84,9 @@ jobs: - name: run OWASP Dependency Check for distribution/server (-DfailBuildOnAnyVulnerability=true) run: mvn -B -ntp -Pmain,skip-all,skipDocker,owasp-dependency-check initialize verify -pl distribution/server -DfailBuildOnAnyVulnerability=true + - name: run OWASP Dependency Check for distribution/offloaders and distribution/io + run: mvn -B -ntp -Pmain,skip-all,skipDocker,owasp-dependency-check initialize verify -pl distribution/offloaders,distribution/io + - name: Upload OWASP Dependency Check reports uses: actions/upload-artifact@v3 if: always() From dce385ed4b7bf5c2644a02800ebe3dd43b53ec96 Mon Sep 17 00:00:00 2001 From: Lari Hotari Date: Thu, 28 Dec 2023 20:57:50 +0200 Subject: [PATCH 2/3] Upgrade dependency check version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6844f20e1aa9e..ba724ac7f3c96 100644 --- a/pom.xml +++ b/pom.xml @@ -295,7 +295,7 @@ flexible messaging model and an intuitive client API. 0.1.4 1.3 0.4 - 8.2.1 + 9.0.7 0.9.44 1.6.1 6.4.0 From 93ae3473b49fa15e6c9a4804298b9a59e325134a Mon Sep 17 00:00:00 2001 
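Review bot: The restored step for distribution/offloaders and distribution/io in ci-owasp-dependency-check.yaml runs the scan without `-DfailBuildOnAnyVulnerability=true`, while the distribution/server step directly above passes it and says so in its name. Unless the owasp-dependency-check profile sets its own failure threshold (not visible in this patch), vulnerable dependencies in the offloaders and IO connectors would only appear in the uploaded report and would not fail the job. If report-only is intended, say so in the step, e.g. `# report-only: findings here do not fail the build`; otherwise append `-DfailBuildOnAnyVulnerability=true` to the new `run:` line. Patch 2/3 moves the plugin to 9.0.7, and the 9.x line reads from the NVD API, so it is worth confirming that this job supplies an API key from a repository secret, since unauthenticated updates can be slow or rate-limited.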
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Dec 2023 19:09:02 +0000 Subject: [PATCH 3/3] Bump golang.org/x/net from 0.16.0 to 0.17.0 in /pulsar-function-go Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] --- pulsar-function-go/go.mod | 2 +- pulsar-function-go/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pulsar-function-go/go.mod b/pulsar-function-go/go.mod
index 9de13ae596dda..756de05edfcb4 100644
--- a/pulsar-function-go/go.mod
+++ b/pulsar-function-go/go.mod
@@ -45,7 +45,7 @@ require (
 github.com/spaolacci/murmur3 v1.1.0 // indirect
 go.uber.org/atomic v1.7.0 // indirect
 golang.org/x/crypto v0.14.0 // indirect
- golang.org/x/net v0.16.0 // indirect
+ golang.org/x/net v0.17.0 // indirect
 golang.org/x/oauth2 v0.13.0 // indirect
 golang.org/x/sys v0.13.0 // indirect
 golang.org/x/term v0.13.0 // indirect
diff --git a/pulsar-function-go/go.sum b/pulsar-function-go/go.sum
index 7d77e58018ae8..98c4e3dc9c632 100644
--- a/pulsar-function-go/go.sum
+++ b/pulsar-function-go/go.sum
@@ -472,8 +472,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos= -golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=