diff --git a/.github/workflows/trivy-code-scanning.yml b/.github/workflows/trivy-code-scanning.yml
index 72abad83..efaa3d61 100644
--- a/.github/workflows/trivy-code-scanning.yml
+++ b/.github/workflows/trivy-code-scanning.yml
@@ -19,11 +19,14 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master + env: + # https://github.com/aquasecurity/trivy/discussions/7668#discussioncomment-11141034 + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,aquasec/trivy-db,ghcr.io/aquasecurity/trivy-db + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db,aquasec/trivy-java-db,ghcr.io/aquasecurity/trivy-java-db with: scan-type: "fs" format: "sarif" output: "trivy-results.sarif" - args: --skip-update - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3
diff --git a/requirements/base.txt b/requirements/base.txt
index fe4a5d78..30bc5a40 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -106,7 +106,7 @@ newrelic==10.2.0
# via
# -r requirements/base.in
# edx-django-utils
-packaging==24.1
+packaging==24.2
# via
# django-nine
# gunicorn
@@ -147,7 +147,7 @@ requests==2.32.3
# via
# -r requirements/base.in
# edx-drf-extensions
-rpds-py==0.20.1
+rpds-py==0.21.0
# via
# jsonschema
# referencing
diff --git a/requirements/ci.txt b/requirements/ci.txt
index d0a77467..e128790a 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -16,7 +16,7 @@ filelock==3.16.1
# via
# tox
# virtualenv
-packaging==24.1
+packaging==24.2
# via
# pyproject-api
# tox
diff --git a/requirements/pip-tools.txt b/requirements/pip-tools.txt
index db6c4632..dc539c54 100644
--- a/requirements/pip-tools.txt
+++ b/requirements/pip-tools.txt
@@ -8,7 +8,7 @@ build==1.2.2.post1
# via pip-tools
click==8.1.7
# via pip-tools
-packaging==24.1
+packaging==24.2
# via build
pip-tools==7.4.1
# via -r requirements/pip-tools.in
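Review bot: In the trivy-code-scanning.yml hunk the scanner step still runs `uses: aquasecurity/trivy-action@master`, a floating branch ref, so the action that produces the SARIF uploaded to the Security tab can change underneath this workflow without any commit here; pin it to a release tag or, preferably, a full commit SHA with the tag in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>` (placeholders), and let Dependabot bump the pin. The new `TRIVY_DB_REPOSITORY` and `TRIVY_JAVA_DB_REPOSITORY` values are unquoted plain scalars while every value in the adjacent `with:` block is quoted; quoting them, e.g. `TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db,aquasec/trivy-db,ghcr.io/aquasecurity/trivy-db"`, keeps the file's style consistent. Since these comma-separated lists appear to be fallback sources, a one-line comment such as `# fallback registries: the DB may be fetched from Docker Hub or GHCR when ECR is unavailable` would make explicit that the job now trusts more than one registry for its vulnerability database, so a reader does not take the list for a typo. The `jobs:` block and this job's steps list begin before the hunk and continue after it.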
@@ -16,7 +16,7 @@ pyproject-hooks==1.2.0
# via
# build
# pip-tools
-wheel==0.44.0
+wheel==0.45.0
# via pip-tools
# The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/pip.txt b/requirements/pip.txt
index 5055f7b5..3b88544c 100644
--- a/requirements/pip.txt
+++ b/requirements/pip.txt
@@ -4,7 +4,7 @@
#
# make upgrade
#
-wheel==0.44.0
+wheel==0.45.0
# via -r requirements/pip.in
# The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/quality.txt b/requirements/quality.txt
index 5e256f3f..7f6ba23f 100644
--- a/requirements/quality.txt
+++ b/requirements/quality.txt
@@ -253,7 +253,7 @@ newrelic==10.2.0
# -r requirements/base.txt
# -r requirements/test.txt
# edx-django-utils
-packaging==24.1
+packaging==24.2
# via
# -r requirements/base.txt
# -r requirements/test.txt
@@ -383,7 +383,7 @@ requests==2.32.3
# -r requirements/base.txt
# -r requirements/test.txt
# edx-drf-extensions
-rpds-py==0.20.1
+rpds-py==0.21.0
# via
# -r requirements/base.txt
# -r requirements/test.txt
diff --git a/requirements/test.txt b/requirements/test.txt
index be6c13b1..d8412d3f 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -183,7 +183,7 @@ newrelic==10.2.0
# via
# -r requirements/base.txt
# edx-django-utils
-packaging==24.1
+packaging==24.2
# via
# -r requirements/base.txt
# django-nine
@@ -273,7 +273,7 @@ requests==2.32.3
# via
# -r requirements/base.txt
# edx-drf-extensions
-rpds-py==0.20.1
+rpds-py==0.21.0
# via
# -r requirements/base.txt
# jsonschema