diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 3059964b..4b6eadf6 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml @@ -1,12 +1,15 @@ -name: Dependencies Check +name: Report Security Issues for Repository on: + workflow_dispatch: schedule: - cron: "0 2 * * *" jobs: - build: + report_security_issues: runs-on: ubuntu-latest + permissions: + issues: write steps: - uses: actions/checkout@v4 @@ -16,5 +19,17 @@ jobs: distribution: "temurin" java-version: 11 cache: "maven" - - name: Checking dependencies for vulnerabilities - run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml + + - name: Generate ossindex report + run: | + mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \ + org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \ + -Dossindex.reportFile=$(pwd)/ossindex-report.json \ + -Dossindex.fail=false + + - name: Report Security Issues + uses: exasol/python-toolbox/.github/actions/security-issues@main + with: + format: "maven" + command: "cat ossindex-report.json" + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/dependencies.md b/dependencies.md index 2220de9b..81ba40af 100644 --- a/dependencies.md +++ b/dependencies.md 
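Review bot: The new "Report Security Issues" step consumes `exasol/python-toolbox/.github/actions/security-issues@main`, a mutable branch reference, while the job runs with an `issues: write` token, so whatever that branch contains at run time executes with write access to this repository's issues; pinning the action to a release tag or full commit SHA, e.g. `uses: exasol/python-toolbox/.github/actions/security-issues@<pinned-tag-or-commit-sha>`, removes that floating dependency. Declaring a job-level `permissions` block also sets every unlisted scope to none, so `contents: read` should be listed next to `issues: write` to make the access that `actions/checkout@v4` and the Maven build rely on explicit rather than dependent on repository visibility. The rewritten `mvn` invocation drops the `--batch-mode` flag the old step passed; adding it back keeps CI logs free of interactive progress output. With `-Dossindex.fail=false` the job no longer fails on findings, so the created issues become the only signal of a vulnerable dependency, which is fine as long as the action's failure to create them is not silently ignored.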
@@ -35,32 +35,27 @@ ## Plugin Dependencies -| Dependency | License | -| ------------------------------------------------------- | ---------------------------------------------- | -| [SonarQube Scanner for Maven][25] | [GNU LGPL 3][26] | -| [Apache Maven Compiler Plugin][27] | [Apache-2.0][3] | -| [Apache Maven Enforcer Plugin][28] | [Apache-2.0][3] | -| [Maven Flatten Plugin][29] | [Apache Software Licenese][3] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][30] | [ASL2][11] | -| [Maven Surefire Plugin][31] | [Apache-2.0][3] | -| [Versions Maven Plugin][32] | [Apache License, Version 2.0][3] | -| [duplicate-finder-maven-plugin Maven Mojo][33] | [Apache License 2.0][34] | -| [Apache Maven Deploy Plugin][35] | [Apache-2.0][3] | -| [Apache Maven GPG Plugin][36] | [Apache-2.0][3] | -| [Apache Maven Source Plugin][37] | [Apache License, Version 2.0][3] | -| [Apache Maven Javadoc Plugin][38] | [Apache-2.0][3] | -| [Nexus Staging Maven Plugin][39] | [Eclipse Public License][40] | -| [Project keeper maven plugin][41] | [The MIT License][42] | -| [OpenFastTrace Maven Plugin][43] | [GNU General Public License v3.0][44] | -| [Maven Failsafe Plugin][45] | [Apache-2.0][3] | -| [JaCoCo :: Maven Plugin][46] | [Eclipse Public License 2.0][47] | -| [error-code-crawler-maven-plugin][48] | [MIT License][49] | -| [Reproducible Build Maven Plugin][50] | [Apache 2.0][11] | -| [Maven Clean Plugin][51] | [The Apache Software License, Version 2.0][11] | -| [Maven Resources Plugin][52] | [The Apache Software License, Version 2.0][11] | -| [Maven JAR Plugin][53] | [The Apache Software License, Version 2.0][11] | -| [Maven Install Plugin][54] | [The Apache Software License, Version 2.0][11] | -| [Maven Site Plugin 3][55] | [The Apache Software License, Version 2.0][11] | +| Dependency | License | +| ------------------------------------------------------- | ------------------------------------- | +| [SonarQube Scanner for Maven][25] | [GNU LGPL 3][26] | +| [Apache Maven Compiler 
Plugin][27] | [Apache-2.0][3] | +| [Apache Maven Enforcer Plugin][28] | [Apache-2.0][3] | +| [Maven Flatten Plugin][29] | [Apache Software Licenese][3] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][30] | [ASL2][11] | +| [Maven Surefire Plugin][31] | [Apache-2.0][3] | +| [Versions Maven Plugin][32] | [Apache License, Version 2.0][3] | +| [duplicate-finder-maven-plugin Maven Mojo][33] | [Apache License 2.0][34] | +| [Apache Maven Deploy Plugin][35] | [Apache-2.0][3] | +| [Apache Maven GPG Plugin][36] | [Apache-2.0][3] | +| [Apache Maven Source Plugin][37] | [Apache License, Version 2.0][3] | +| [Apache Maven Javadoc Plugin][38] | [Apache-2.0][3] | +| [Nexus Staging Maven Plugin][39] | [Eclipse Public License][40] | +| [Project keeper maven plugin][41] | [The MIT License][42] | +| [OpenFastTrace Maven Plugin][43] | [GNU General Public License v3.0][44] | +| [Maven Failsafe Plugin][45] | [Apache-2.0][3] | +| [JaCoCo :: Maven Plugin][46] | [Eclipse Public License 2.0][47] | +| [error-code-crawler-maven-plugin][48] | [MIT License][49] | +| [Reproducible Build Maven Plugin][50] | [Apache 2.0][11] | [0]: https://java.testcontainers.org [1]: http://opensource.org/licenses/MIT @@ -79,7 +74,7 @@ [14]: http://hamcrest.org/JavaHamcrest/ [15]: http://opensource.org/licenses/BSD-3-Clause [16]: https://github.com/mockito/mockito -[17]: https://github.com/mockito/mockito/blob/main/LICENSE +[17]: https://opensource.org/licenses/MIT [18]: https://junit-pioneer.org/ [19]: https://github.com/exasol/udf-api-java/ [20]: https://github.com/exasol/udf-api-java/blob/main/LICENSE 
@@ -113,8 +108,3 @@ [48]: https://github.com/exasol/error-code-crawler-maven-plugin/ [49]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE [50]: http://zlika.github.io/reproducible-build-maven-plugin -[51]: http://maven.apache.org/plugins/maven-clean-plugin/ -[52]: http://maven.apache.org/plugins/maven-resources-plugin/ -[53]: http://maven.apache.org/plugins/maven-jar-plugin/ -[54]: http://maven.apache.org/plugins/maven-install-plugin/ -[55]: http://maven.apache.org/plugins/maven-site-plugin/ diff --git a/doc/changes/changes_6.6.3.md b/doc/changes/changes_6.6.3.md index b5389327..fb25ff49 100644 --- a/doc/changes/changes_6.6.3.md +++ b/doc/changes/changes_6.6.3.md @@ -22,9 +22,17 @@ This release fixes CVE-2023-4043 in runtime dependency `org.eclipse.parsson:pars ### Test Dependency Updates * Updated `com.exasol:udf-api-java:1.0.2` to `1.0.3` -* Updated `org.mockito:mockito-junit-jupiter:5.5.0` to `5.6.0` +* Updated `org.junit.jupiter:junit-jupiter-engine:5.10.0` to `5.10.1` +* Updated `org.junit.jupiter:junit-jupiter-params:5.10.0` to `5.10.1` +* Updated `org.mockito:mockito-junit-jupiter:5.5.0` to `5.7.0` * Updated `org.testcontainers:junit-jupiter:1.19.0` to `1.19.1` ### Plugin Dependency Updates -* Updated `com.exasol:project-keeper-maven-plugin:2.9.11` to `2.9.12` +* Updated `com.exasol:error-code-crawler-maven-plugin:1.3.0` to `1.3.1` +* Updated `com.exasol:project-keeper-maven-plugin:2.9.11` to `2.9.15` +* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.0` to `3.4.1` +* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.5.0` to `3.6.0` +* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.0` to `2.16.1` +* Updated `org.jacoco:jacoco-maven-plugin:0.8.10` to `0.8.11` +* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184` to `3.10.0.2594` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index e8706aba..d3f94e91 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom 
@@ -48,7 +48,7 @@ org.sonarsource.scanner.maven sonar-maven-plugin - 3.9.1.2184 + 3.10.0.2594 org.apache.maven.plugins @@ -62,7 +62,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.4.0 + 3.4.1 enforce-maven @@ -72,7 +72,7 @@ - [3.8.7,3.9.0) + 3.6.3 @@ -132,7 +132,7 @@ org.codehaus.mojo versions-maven-plugin - 2.16.0 + 2.16.1 display-updates @@ -219,7 +219,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.5.0 + 3.6.0 attach-javadocs @@ -234,6 +234,7 @@ true true true + true @@ -281,7 +282,7 @@ org.jacoco jacoco-maven-plugin - 0.8.10 + 0.8.11 prepare-agent @@ -322,7 +323,7 @@ com.exasol error-code-crawler-maven-plugin - 1.3.0 + 1.3.1 verify diff --git a/pom.xml b/pom.xml index 6468545a..412d1390 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ https://github.com/exasol/exasol-testcontainers/ 1.19.1 - 5.10.0 + 5.10.1 @@ -101,7 +101,7 @@ org.mockito mockito-junit-jupiter - 5.6.0 + 5.7.0 test @@ -146,7 +146,7 @@ com.exasol project-keeper-maven-plugin - 2.9.12 + 2.9.15