[APIPUB-58] Update docker images and nuget packages to remove vulnera…
…bilites (#59)

* Update docker images and nuget packages to remove vulnerabilities

* Update actions version

* Remove code warnings

* Upgrade alpine image
jleiva-gap authored Jul 9, 2024
1 parent 02d36fc commit cf40f01
Showing 153 changed files with 419 additions and 447 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/on-prerelease.yml
Expand Up @@ -85,7 +85,7 @@ jobs:
- name: Upload Packages as Artifacts
if: success()
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
with:
name: "${{ env.PACKAGE_NAME }}-NuGet"
path: ./*.nupkg
Expand All @@ -105,7 +105,7 @@ jobs:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Get Artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a #v3.0.2
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 #v4.1.1
with:
name: ${{ env.PACKAGE_NAME }}-NuGet

Expand Down Expand Up @@ -136,7 +136,7 @@ jobs:
- name: Upload SBOM
if: success()
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
with:
name: ${{ env.PACKAGE_NAME }}-SBOM
path: ./manifest
Expand All @@ -162,7 +162,7 @@ jobs:
contents: write
steps:
- name: Download the SBOM
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@7f4fdb871876c23e455853d694197440c5a91506 # v1.5.0
uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@07e64b653f10a80b6510f4568f685f8b7b9ea830 # v1.9.0
with:
name: "${{ env.PACKAGE_NAME }}-SBOM"
path: ${{ env.MANIFEST_FILE }}
Expand Down Expand Up @@ -223,7 +223,7 @@ jobs:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Get Artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a #v3.0.2
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 #v4.1.1
with:
name: ${{ env.PACKAGE_NAME }}-NuGet

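Review bot: The SBOM is now uploaded with `actions/upload-artifact` v4.3.0 in the "Upload SBOM" step but fetched in "Download the SBOM" with `slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact` pinned at v1.9.0, and the v3 and v4 artifact actions cannot read each other's artifacts. If that slsa-github-generator release still wraps `actions/download-artifact` v3 (I believe its move to the v4 artifact actions came in a later major release; please confirm against its changelog), the step will not find `${{ env.PACKAGE_NAME }}-SBOM` and the job fails before provenance is produced. Either pin secure-download-artifact to a release built on the v4 artifact actions, or keep the SBOM upload on v3 until that pin can move. The `with:` block of the download step continues outside the hunk, so confirm the `sha256` input that integrity-checks the SBOM is still passed.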
4 changes: 2 additions & 2 deletions .github/workflows/on-pullrequest.yml
Expand Up @@ -48,14 +48,14 @@ jobs:
run: ./build.ps1 -Command UnitTest -Configuration Debug

- name: Upload Results as Workflow Artifact
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
with:
name: csharp-tests
path: "**/*.trx"
retention-days: 5

- name: Dependency Review ("Dependabot on PR")
uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0
uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
- name: Initialize CodeQL
if: success()
uses: github/codeql-action/init@cf7e9f23492505046de9a37830c3711dd0f25bb3 # codeql-bundle-v2.16.2
2 changes: 1 addition & 1 deletion src/Dockerfile
Expand Up @@ -4,7 +4,7 @@
# See the LICENSE and NOTICES files in the project root for more information.

# Tag aspnet:8.0-alpine
FROM mcr.microsoft.com/dotnet/aspnet@sha256:95f27052830db1c7a00e55f098ebda507204757907919f506a468387f7d856a4
FROM mcr.microsoft.com/dotnet/aspnet@sha256:de73c1e1abd69d3ffa2658075ad4cd4edccfef37eb92ddda2c78f20173403238
LABEL maintainer="Ed-Fi Alliance, LLC and Contributors <techsupport@ed-fi.org>"

ENV VERSION="1.0.0"
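Review bot: The comment `# Tag aspnet:8.0-alpine` above the `FROM` line is left unchanged while the digest changes, so the file does not record which patch release or Alpine version the new pin corresponds to, and `8.0-alpine` is a floating tag that will stop resolving to this digest. Since the commit is meant to remove vulnerabilities, I would make the pin auditable by naming the fully qualified tag and the date it was resolved, e.g. `# Tag aspnet:<8.0.x>-alpine<3.xx>, digest resolved <YYYY-MM-DD>` (placeholders, to be filled in from the registry). If the image is built for more than one architecture, also confirm the digest is the multi-arch manifest list rather than a single-platform image. The Dockerfile continues outside the hunk.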
Expand Up @@ -8,12 +8,12 @@
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Autofac.Extensions.DependencyInjection" Version="9.0.0" />
<PackageReference Include="AWSSDK.CloudWatchLogs" Version="3.7.304.6" />
<PackageReference Include="AWSSDK.Core" Version="3.7.302.12" />
<PackageReference Include="Serilog.Enrichers.Thread" Version="3.1.0" />
<PackageReference Include="Serilog.Settings.Configuration" Version="8.0.0" />
<PackageReference Include="Serilog.Sinks.AwsCloudWatch" Version="4.0.182" />
<PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
<PackageReference Include="AWSSDK.CloudWatchLogs" Version="3.7.305.55" />
<PackageReference Include="AWSSDK.Core" Version="3.7.304.25" />
<PackageReference Include="Serilog.Enrichers.Thread" Version="4.0.0" />
<PackageReference Include="Serilog.Settings.Configuration" Version="8.0.1" />
<PackageReference Include="Serilog.Sinks.AwsCloudWatch" Version="4.2.29" />
<PackageReference Include="Serilog.Sinks.File" Version="6.0.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.1" />
<PackageReference Include="Microsoft.Extensions.Configuration.CommandLine" Version="8.0.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="8.0.0" />
14 changes: 7 additions & 7 deletions src/EdFi.Tools.ApiPublisher.Cli/Program.cs
@@ -1,8 +1,8 @@
// SPDX-License-Identifier: Apache-2.0
// Licensed to the Ed-Fi Alliance under one or more agreements.
// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
// See the LICENSE and NOTICES files in the project root for more information.

// SPDX-License-Identifier: Apache-2.0
// Licensed to the Ed-Fi Alliance under one or more agreements.
// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
// See the LICENSE and NOTICES files in the project root for more information.

using Autofac;
using Autofac.Extensions.DependencyInjection;
using EdFi.Tools.ApiPublisher.Core.Configuration;
Expand All @@ -22,8 +22,8 @@
using System.Threading.Tasks;

namespace EdFi.Tools.ApiPublisher.Cli
{
internal class Program
{
internal class Program
{
private static readonly ILogger _logger = Log.ForContext(typeof(Program));

Expand Up @@ -3,20 +3,20 @@
// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
// See the LICENSE and NOTICES files in the project root for more information.

using System;
using System.Threading.Tasks;
using Amazon.SimpleSystemsManagement;
using Amazon.SimpleSystemsManagement.Model;
using EdFi.Tools.ApiPublisher.Core.Configuration;
using EdFi.Tools.ApiPublisher.Core.Processing;
using Serilog;
using Microsoft.Extensions.Configuration;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using Serilog;
using System;
using System.Threading.Tasks;

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.Aws
{
public class AwsSystemManagerChangeVersionProcessedWriter : IChangeVersionProcessedWriter
public class AwsSystemManagerChangeVersionProcessedWriter : IChangeVersionProcessedWriter
{
private readonly ILogger _logger = Log.ForContext(typeof(AwsSystemManagerChangeVersionProcessedWriter));

Expand Up @@ -9,7 +9,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.Aws
{
public class AwsSystemManagerNamedApiConnectionDetailsReader : INamedApiConnectionDetailsReader
public class AwsSystemManagerNamedApiConnectionDetailsReader : INamedApiConnectionDetailsReader
{
public ApiConnectionDetails GetNamedApiConnectionDetails(
string apiConnectionName,
Expand Up @@ -4,9 +4,9 @@
<LangVersion>10</LangVersion>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Amazon.Extensions.Configuration.SystemsManager" Version="6.0.0" />
<PackageReference Include="AWSSDK.Extensions.NETCore.Setup" Version="3.7.300" />
<PackageReference Include="AWSSDK.SimpleSystemsManagement" Version="3.7.302.8" />
<PackageReference Include="Amazon.Extensions.Configuration.SystemsManager" Version="6.2.0" />
<PackageReference Include="AWSSDK.Extensions.NETCore.Setup" Version="3.7.301" />
<PackageReference Include="AWSSDK.SimpleSystemsManagement" Version="3.7.305.5" />
<PackageReference Include="Microsoft.Extensions.Configuration" Version="8.0.0" />
</ItemGroup>
<ItemGroup>
Expand Up @@ -9,7 +9,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.Aws.Modules
{
public class PluginModule : Module
public class PluginModule : Module
{
protected override void Load(ContainerBuilder builder)
{
Expand Up @@ -9,7 +9,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.Plaintext.Modules
{
public class PluginModule : Module
public class PluginModule : Module
{
protected override void Load(ContainerBuilder builder)
{
Expand Up @@ -4,12 +4,11 @@
// See the LICENSE and NOTICES files in the project root for more information.

using EdFi.Tools.ApiPublisher.Connections.Api.Configuration;
using EdFi.Tools.ApiPublisher.Core.Configuration;
using Microsoft.Extensions.Configuration;

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.Plaintext
{
public class PlainTextJsonFileNamedApiConnectionDetailsReader : INamedApiConnectionDetailsReader
public class PlainTextJsonFileNamedApiConnectionDetailsReader : INamedApiConnectionDetailsReader
{
public ApiConnectionDetails GetNamedApiConnectionDetails(
string apiConnectionName,
Expand Up @@ -7,7 +7,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.Plaintext
{
internal class PlainTextNamedConnectionConfiguration
internal class PlainTextNamedConnectionConfiguration
{
public ApiConnectionDetails[] Connections { get; set; }
}
Expand Up @@ -6,11 +6,10 @@
using EdFi.Tools.ApiPublisher.Core.Processing;
using Microsoft.Extensions.Configuration;
using Serilog;
using System.Threading.Tasks;

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.Plaintext
{
public class PlaintextChangeVersionProcessedWriter : IChangeVersionProcessedWriter
public class PlaintextChangeVersionProcessedWriter : IChangeVersionProcessedWriter
{
private readonly ILogger _logger = Log.Logger.ForContext(typeof(PlaintextChangeVersionProcessedWriter));

Expand Up @@ -8,7 +8,7 @@
// ReSharper disable once CheckNamespace
namespace Microsoft.Extensions.Configuration
{
public static class ConfigurationBuilderExtensions
public static class ConfigurationBuilderExtensions
{
public static IConfigurationBuilder AddConfigurationStoreForPostgreSql(
this IConfigurationBuilder builder,
Expand Up @@ -9,7 +9,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.PostgreSql.Modules
{
public class PluginModule : Module
public class PluginModule : Module
{
protected override void Load(ContainerBuilder builder)
{
Expand Up @@ -3,18 +3,18 @@
// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
// See the LICENSE and NOTICES files in the project root for more information.

using System;
using System.Threading.Tasks;
using EdFi.Tools.ApiPublisher.Core.Configuration;
using EdFi.Tools.ApiPublisher.Core.Processing;
using Microsoft.Extensions.Configuration;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using Npgsql;
using System;
using System.Threading.Tasks;

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.PostgreSql
{
public class PostgreSqlConfigurationChangeVersionProcessedWriter : IChangeVersionProcessedWriter
public class PostgreSqlConfigurationChangeVersionProcessedWriter : IChangeVersionProcessedWriter
{
public async Task SetProcessedChangeVersionAsync(
string sourceConnectionName,
Expand Up @@ -3,14 +3,14 @@
// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
// See the LICENSE and NOTICES files in the project root for more information.

using System;
using EdFi.Tools.ApiPublisher.Connections.Api.Configuration;
using EdFi.Tools.ApiPublisher.Core.Configuration;
using Microsoft.Extensions.Configuration;
using System;

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.PostgreSql
{
public class PostgreSqlConfigurationNamedApiConnectionDetailsReader : INamedApiConnectionDetailsReader
public class PostgreSqlConfigurationNamedApiConnectionDetailsReader : INamedApiConnectionDetailsReader
{
public ApiConnectionDetails GetNamedApiConnectionDetails(
string apiConnectionName,
Expand Up @@ -7,7 +7,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.PostgreSql
{
public class PostgreSqlConfigurationProvider : ConfigurationProvider
public class PostgreSqlConfigurationProvider : ConfigurationProvider
{
private readonly PostgreSqlConfigurationSource _postgreSqlConfigurationSource;

Expand Up @@ -7,7 +7,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.PostgreSql
{
public class PostgreSqlConfigurationSource : IConfigurationSource
public class PostgreSqlConfigurationSource : IConfigurationSource
{
public string ConfigurationKeyPrefix { get; }
public string ConnectionString { get; }
Expand Up @@ -3,14 +3,14 @@
// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
// See the LICENSE and NOTICES files in the project root for more information.

using Npgsql;
using System;
using System.Collections.Generic;
using System.Data;
using Npgsql;

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.PostgreSql
{
public class PostgreSqlConfigurationValuesProvider
public class PostgreSqlConfigurationValuesProvider
{
public IDictionary<string, string> GetConfigurationValues(
string connectionString,
Expand Up @@ -5,7 +5,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.PostgreSql
{
public class PostgresConfigurationStore
public class PostgresConfigurationStore
{
public PostgresConfiguration PostgreSql { get; set; }
}
Expand Up @@ -8,7 +8,7 @@
// ReSharper disable once CheckNamespace
namespace Microsoft.Extensions.Configuration
{
public static class ConfigurationBuilderExtensions
public static class ConfigurationBuilderExtensions
{
public static IConfigurationBuilder AddConfigurationStoreForSqlServer(
this IConfigurationBuilder builder,
Expand Up @@ -4,11 +4,11 @@
<LangVersion>10</LangVersion>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Azure.Identity" Version="1.11.4" />
<PackageReference Include="Microsoft.Data.SqlClient" Version="5.1.5" />
<PackageReference Include="Azure.Identity" Version="1.12.0" />
<PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.1" />
<PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.1" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.3.1" />
<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.2" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.6.2" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\EdFi.Tools.ApiPublisher.Connections.Api\EdFi.Tools.ApiPublisher.Connections.Api.csproj" />
Expand Up @@ -9,7 +9,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.SqlServer.Modules
{
public class PluginModule : Module
public class PluginModule : Module
{
protected override void Load(ContainerBuilder builder)
{
Expand Up @@ -5,7 +5,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.SqlServer
{
public class SqlServerConfigurationStore
public class SqlServerConfigurationStore
{
public SqlServerConfiguration SqlServer { get; set; }
}
Expand Up @@ -3,19 +3,19 @@
// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
// See the LICENSE and NOTICES files in the project root for more information.

using System;
using System.Data;
using Microsoft.Data.SqlClient;
using System.Threading.Tasks;
using EdFi.Tools.ApiPublisher.Core.Configuration;
using EdFi.Tools.ApiPublisher.Core.Processing;
using Microsoft.Data.SqlClient;
using Microsoft.Extensions.Configuration;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System;
using System.Data;
using System.Threading.Tasks;

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.SqlServer
{
public class SqlServerConfigurationChangeVersionProcessedWriter : IChangeVersionProcessedWriter
public class SqlServerConfigurationChangeVersionProcessedWriter : IChangeVersionProcessedWriter
{
public async Task SetProcessedChangeVersionAsync(
string sourceConnectionName,
Expand Up @@ -9,7 +9,7 @@

namespace EdFi.Tools.ApiPublisher.ConfigurationStore.SqlServer
{
public class SqlServerConfigurationNamedApiConnectionDetailsReader : INamedApiConnectionDetailsReader
public class SqlServerConfigurationNamedApiConnectionDetailsReader : INamedApiConnectionDetailsReader
{
public ApiConnectionDetails GetNamedApiConnectionDetails(
string apiConnectionName,