LASB-2748: Resolve critical vulnerabilities reported by Snyk #256

mtac50 · 2023-12-06T16:41:30Z

What

Link to story

Updated dependabot configuration.
Updated micrometer-registry-cloudwatch version
Updated aws-xray-recorder-sdk-spring version.
Updated org.apache.cxf:cxf-rt-features-logging version
Updated spring-boot
Updated gradle
Updated the build and deploy pipelines so that the docker image tag using the commit hash.

Checklist

Before you ask people to review this PR:

Tests should be passing: ./gradlew test
Github should not be reporting conflicts; you should have recently run git rebase master.
Avoid mixing whitespace changes with code changes in the same commit. These make diffs harder to read and conflicts more likely.
You should have looked at the diff against master and ensured that nothing unexpected is included in your changes.
You should have checked that the commit messages say why the change was made.

…reading from a file.

…endencies to resolve vulnerabilities.

… and aws-java-sdk-s3 versions to remove vulnerability.

…lication.

…sable workflows.

…rkflow.

…v from the master build.

Ross-Nation

I think everything looks good to my eyes, I couldn't see any glaringly obvious issues and I think I'm getting a better understanding of how the pipelines hook up :)

mtac50 requested review from a team as code owners December 6, 2023 16:41

mtac50 temporarily deployed to development December 6, 2023 23:40 — with GitHub Actions Inactive

mtac50 added 3 commits December 6, 2023 23:44

Updated the dependabot settings to with with version 2.

eced812

LASB-2748: Updated spring boot and gradle versions

64a8d34

LASB-2748: Migrated test to use JUnit 5.

8c83341

mtac50 force-pushed the LASB-2748-Fix-snyk-dependencies branch from cff819b to 8c83341 Compare December 6, 2023 23:47

mtac50 temporarily deployed to development December 6, 2023 23:47 — with GitHub Actions Inactive

mtac50 added 2 commits December 7, 2023 08:13

LASB-2748: Fixed test constructor.

0892516

LASB-2748: Updated the docker tag to use the commit hash rather than …

2ca6284

…reading from a file.

mtac50 temporarily deployed to development December 7, 2023 08:59 — with GitHub Actions Inactive

lkm0287 previously approved these changes Dec 7, 2023

View reviewed changes

LASB-2748: Remove references to the BUILD_TAG file.

067a84d

mtac50 dismissed lkm0287’s stale review via 067a84d December 7, 2023 09:17

mtac50 temporarily deployed to development December 7, 2023 09:19 — with GitHub Actions Inactive

LASB-2748: Updated spring boot, logback, snakeyaml and apache.cxf dep…

36ef0e2

…endencies to resolve vulnerabilities.

mtac50 temporarily deployed to development December 7, 2023 13:43 — with GitHub Actions Inactive

LASB-2748: Upgraded spring dependency management and pinned snakeyaml…

2ffbb57

… and aws-java-sdk-s3 versions to remove vulnerability.

mtac50 temporarily deployed to development December 7, 2023 16:43 — with GitHub Actions Inactive

LASB-2748: Reverted aws sdk update.

9903a87

mtac50 temporarily deployed to development December 7, 2023 22:24 — with GitHub Actions Inactive

mtac50 added 9 commits December 8, 2023 09:03

LASB-2748: Created reusable workflows for build and deploying the app…

fbc21aa

…lication.

LASB02748: Replaced the cp-build workflow with one that calls the reu…

50cfebd

…sable workflows.

LASB-2748: Fixed yaml syntax issue.

1672aaa

LASB-2748: Added missing job name.

6b2b13e

LASB-2748: Updated reference to GITHUB_SHA variable.

a1018a4

LASB-2748: Update reference to github.sha variable.

1eca258

LASB-2748: Refactored build and deploy dev into steps.

a3c09a1

LASB-2748: Removed secret inheritance.

bee4303

LASB-2748: Remove secret inheritance from deploy workflow.

0f58c05

mtac50 had a problem deploying to development December 8, 2023 10:26 — with GitHub Actions Failure

mtac50 added 2 commits December 8, 2023 10:31

LASB-2748: Moved checkout action to the calling workflow.

3d1ff68

LASB-2748: Removed typo in uses section.

e7ea8c0

mtac50 had a problem deploying to development December 8, 2023 11:07 — with GitHub Actions Failure

mtac50 added 5 commits December 8, 2023 11:23

LASB-2748: Changes reusable workflow calls from steps to jobs.

4664578

LASB-2748: move runs on and environment settings into the reusable wo…

9655b3f

…rkflow.

LASB-2748:Updated secret usage in reusable workflows.

b0bf59b

LASB-2748: Fixed typo in inputs reference.

93b3632

LASB-2748: Updated secrets references.

8f30f78

mtac50 temporarily deployed to development December 8, 2023 12:04 — with GitHub Actions Inactive

mtac50 added 2 commits December 8, 2023 13:33

LASB-2748: Updated the cp-deploy action to build and deploy to all en…

fe4a0a1

…v from the master build.

LASB-2748: Removed additional jobs section.

6d410e3

mtac50 temporarily deployed to development December 8, 2023 13:36 — with GitHub Actions Inactive

Ross-Nation approved these changes Dec 8, 2023

View reviewed changes

mtac50 merged commit 0127cd9 into master Dec 8, 2023
2 checks passed

mtac50 deleted the LASB-2748-Fix-snyk-dependencies branch December 8, 2023 15:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LASB-2748: Resolve critical vulnerabilities reported by Snyk #256

LASB-2748: Resolve critical vulnerabilities reported by Snyk #256

mtac50 commented Dec 6, 2023 •

edited

Loading

Ross-Nation left a comment

LASB-2748: Resolve critical vulnerabilities reported by Snyk #256

LASB-2748: Resolve critical vulnerabilities reported by Snyk #256

Conversation

mtac50 commented Dec 6, 2023 • edited Loading

What

Checklist

Ross-Nation left a comment

Choose a reason for hiding this comment

mtac50 commented Dec 6, 2023 •

edited

Loading