openedx · irtazaakram · Nov 11, 2024 · Nov 11, 2024 · Nov 11, 2024
diff --git a/.github/workflows/trivy-code-scanning.yml b/.github/workflows/trivy-code-scanning.yml
@@ -19,11 +19,14 @@ jobs:
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
+        env:
+          # https://github.com/aquasecurity/trivy/discussions/7668#discussioncomment-11141034
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,aquasec/trivy-db,ghcr.io/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db,aquasec/trivy-java-db,ghcr.io/aquasecurity/trivy-java-db
         with:
           scan-type: "fs"
           format: "sarif"
           output: "trivy-results.sarif"
-          args: --skip-update
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3

diff --git a/requirements/base.txt b/requirements/base.txt
@@ -106,7 +106,7 @@ newrelic==10.2.0
     # via
     #   -r requirements/base.in
     #   edx-django-utils
-packaging==24.1
+packaging==24.2
     # via
     #   django-nine
     #   gunicorn
@@ -147,7 +147,7 @@ requests==2.32.3
     # via
     #   -r requirements/base.in
     #   edx-drf-extensions
-rpds-py==0.20.1
+rpds-py==0.21.0
     # via
     #   jsonschema
     #   referencing

diff --git a/requirements/ci.txt b/requirements/ci.txt
@@ -16,7 +16,7 @@ filelock==3.16.1
     # via
     #   tox
     #   virtualenv
-packaging==24.1
+packaging==24.2
     # via
     #   pyproject-api
     #   tox

diff --git a/requirements/pip-tools.txt b/requirements/pip-tools.txt
@@ -8,15 +8,15 @@ build==1.2.2.post1
     # via pip-tools
 click==8.1.7
     # via pip-tools
-packaging==24.1
+packaging==24.2
     # via build
 pip-tools==7.4.1
     # via -r requirements/pip-tools.in
 pyproject-hooks==1.2.0
     # via
     #   build
     #   pip-tools
-wheel==0.44.0
+wheel==0.45.0
     # via pip-tools
 
 # The following packages are considered to be unsafe in a requirements file:

diff --git a/requirements/pip.txt b/requirements/pip.txt
@@ -4,7 +4,7 @@
 #
 #    make upgrade
 #
-wheel==0.44.0
+wheel==0.45.0
     # via -r requirements/pip.in
 
 # The following packages are considered to be unsafe in a requirements file:

diff --git a/requirements/quality.txt b/requirements/quality.txt
@@ -253,7 +253,7 @@ newrelic==10.2.0
     #   -r requirements/base.txt
     #   -r requirements/test.txt
     #   edx-django-utils
-packaging==24.1
+packaging==24.2
     # via
     #   -r requirements/base.txt
     #   -r requirements/test.txt
@@ -383,7 +383,7 @@ requests==2.32.3
     #   -r requirements/base.txt
     #   -r requirements/test.txt
     #   edx-drf-extensions
-rpds-py==0.20.1
+rpds-py==0.21.0
     # via
     #   -r requirements/base.txt
     #   -r requirements/test.txt

diff --git a/requirements/test.txt b/requirements/test.txt
@@ -183,7 +183,7 @@ newrelic==10.2.0
     # via
     #   -r requirements/base.txt
     #   edx-django-utils
-packaging==24.1
+packaging==24.2
     # via
     #   -r requirements/base.txt
     #   django-nine
@@ -273,7 +273,7 @@ requests==2.32.3
     # via
     #   -r requirements/base.txt
     #   edx-drf-extensions
-rpds-py==0.20.1
+rpds-py==0.21.0
     # via
     #   -r requirements/base.txt
     #   jsonschema