diff --git a/.github/workflows/.reusable-cleanup-registry.yml b/.github/workflows/.reusable-cleanup-registry.yml
index 30d37881b..ec02aae71 100644
--- a/.github/workflows/.reusable-cleanup-registry.yml
+++ b/.github/workflows/.reusable-cleanup-registry.yml
@@ -10,7 +10,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Cleanup test images in 'connaisseur-test'
- uses: snok/container-retention-policy@2ebfab771446f9cde79044dab61eec867ac1d62b # v2.1.1
+ uses: snok/container-retention-policy@04c70fd030033036d69c0057e0d125bf25820544 # v2.1.2
 with:
 image-names: connaisseur-test
 cut-off: three weeks ago UTC+1
@@ -19,7 +19,7 @@ jobs:
 org-name: sse-secure-systems
 token: ${{ secrets.GHCR_PAT }}
 - name: Cleanup dangling images without tag
- uses: snok/container-retention-policy@2ebfab771446f9cde79044dab61eec867ac1d62b # v2.1.1
+ uses: snok/container-retention-policy@04c70fd030033036d69c0057e0d125bf25820544 # v2.1.2
 with:
 image-names: connaisseur*
 untagged-only: true
@@ -29,7 +29,7 @@ jobs:
 org-name: sse-secure-systems
 token: ${{ secrets.GHCR_PAT }}
 - name: Cleanup all connaisseur images
- uses: snok/container-retention-policy@2ebfab771446f9cde79044dab61eec867ac1d62b # v2.1.1
+ uses: snok/container-retention-policy@04c70fd030033036d69c0057e0d125bf25820544 # v2.1.2
 with:
 image-names: connaisseur
 skip-tags: master, develop, v*, sha256-*
diff --git a/.github/workflows/.reusable-compliance.yml b/.github/workflows/.reusable-compliance.yml
index 4042eb2dd..3eb4fd11a 100644
--- a/.github/workflows/.reusable-compliance.yml
+++ b/.github/workflows/.reusable-compliance.yml
@@ -25,7 +25,7 @@ jobs:
 repo_token: ${{ secrets.SCORECARD_TOKEN }}
 publish_results: ${{ github.ref_name == 'master' }}
 - name: Upload
- uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+ uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 with:
 sarif_file: results.sarif
@@ -39,7 +39,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: Review
- uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 # v3.0.6
+ uses: actions/dependency-review-action@f6fff72a3217f580d5afd49a46826795305b63c7 # v3.0.8
 check-commit-message:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/.reusable-sast.yml b/.github/workflows/.reusable-sast.yml
index 4785a781e..49855fd20 100644
--- a/.github/workflows/.reusable-sast.yml
+++ b/.github/workflows/.reusable-sast.yml
@@ -15,11 +15,11 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: Initialize CodeQL
- uses: github/codeql-action/init@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+ uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 with:
 languages: 'python'
 - name: Analyze
- uses: github/codeql-action/analyze@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+ uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 black:
 runs-on: ubuntu-latest
@@ -61,7 +61,7 @@ jobs:
 - name: Run Bandit
 run: bandit -r -f sarif -o bandit-results.sarif connaisseur/ --exit-zero
 - name: Upload
- uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+ uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 with:
 sarif_file: 'bandit-results.sarif'
@@ -80,7 +80,7 @@ jobs:
 format: sarif
 output-file: hadolint-results.sarif
 - name: Upload
- uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+ uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 with:
 sarif_file: 'hadolint-results.sarif'
@@ -99,7 +99,7 @@ jobs:
 format: sarif
 output-file: kubelinter-results.sarif
 - name: Upload
- uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+ uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 with:
 sarif_file: 'kubelinter-results.sarif'
@@ -128,13 +128,13 @@ jobs:
 helm template helm > deployment/deployment.yaml
 shell: bash
 - name: Scan
- uses: bridgecrewio/checkov-action@7476756db370d6692e054711745f07138397d119 # v12.2434.0
+ uses: bridgecrewio/checkov-action@789980e0ad12800af9c4456e91f6eb6bf41fbb5d # v12.2463.0
 with:
 soft_fail: true
 output_format: cli,sarif
 output_file_path: console,checkov-results.sarif
 - name: Upload
- uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+ uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 with:
 sarif_file: checkov-results.sarif
@@ -151,6 +151,6 @@ jobs:
 - name: Scan
 run: semgrep ci --config=auto --suppress-errors --sarif --output=semgrep-results.sarif || exit 0
 - name: Upload
- uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+ uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 with:
 sarif_file: semgrep-results.sarif
diff --git a/docs/requirements_docs.txt b/docs/requirements_docs.txt
index ae93672f8..00e4c8b5e 100644
--- a/docs/requirements_docs.txt
+++ b/docs/requirements_docs.txt
@@ -1,2 +1,2 @@
-mkdocs-material~=9.1.19
+mkdocs-material~=9.1.21
 mike~=1.1.2
diff --git a/requirements.txt b/requirements.txt
index b84dcefbe..5e1917589 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@ cheroot~=10.0.0
 ecdsa~=0.18
 Flask~=2.3.2
 Jinja2~=3.1.2
-jsonschema~=4.18.4
+jsonschema~=4.19.0
 parsedatetime~=2.6
 prometheus-flask-exporter==0.22.4
 python-dateutil~=2.8.2
diff --git a/requirements_dev.txt b/requirements_dev.txt
index 5142b9496..a8879fd31 100644
--- a/requirements_dev.txt
+++ b/requirements_dev.txt
@@ -2,10 +2,10 @@
 aioresponses~=0.7.4
 freezegun~=1.2.2
 parsedatetime~=2.6
-pylint~=2.17.4
+pylint~=2.17.5
 pytest-asyncio~=0.21.1
 pytest-cov~=4.1.0
 pytest-mock~=3.11.1
 pytest-subprocess~=1.5.0
 requests-mock~=1.11.0
-setuptools~=68.0.0
+setuptools~=68.1.0