1.9.0: K8s 1.30, no Consul, Java 22, new challenges and automation leaps

What's Changed

This version is another new content & LCM release: we've added a cool and exciting challenge about Kubernetes Sealed Secrets! We upgraded to K8s 1.30, removed our dependency on Consul (less resources required to play!), and added a lot of automation to see if everything works the way it should. Next, we started compiling everything for Java 22. In other words: time for a big version bump!

New Challenges

• Vault sidecar challenge2 by @commjoen in #1405
• Update challenge48 to have both solutions in 1 by @commjoen in #1521
• Sealed Secret in Kubernetes Challenge by @Shubham-Patel07 in #1452

Fixes

• fix: add documentation on TLS for AWS and GCP by @bendehaan in #1407
• fix: change healthcheck path by @bendehaan in #1409
• fix: add terratest for challenge disabled by @bendehaan in #1410
• attempt to fix k8s workflows by @commjoen in #1449
• Hotfix: remove Colima support by @commjoen in #1450
• fix for links by @commjoen in #1454
• Add misssing oglang deps for dependabot by @commjoen in #1503
• Fix dependabot by @commjoen in #1504
• feat: bump to k8s 1.30 and remove consul by @bendehaan in #1500

LCM

• Bump org.webjars:datatables from 1.13.5 to 2.0.3 by @dependabot in #1350
• Bump hashicorp/google-beta from 5.25.0 to 5.27.0 in /gcp by @dependabot in #1371
• Bump hashicorp/google from 5.25.0 to 5.27.0 in /gcp by @dependabot in #1372
• Update terraform-aws-modules/vpc/aws requirement from ~> 5.7.0 to ~> 5.8.1 in /aws by @dependabot in #1376
• Bump hashicorp/aws from 5.45.0 to 5.47.0 in /aws by @dependabot in #1375
• Bump hashicorp/aws from 5.45.0 to 5.47.0 in /aws by @dependabot in #1379
• Bump eclipse-temurin from 22_36-jre-alpine to 22.0.1_8-jre-alpine by @dependabot in #1374
• Update terraform-aws-modules/vpc/aws requirement from ~> 5.7.0 to ~> 5.8.1 in /aws by @dependabot in #1381
• Bump hashicorp/azurerm from 3.99.0 to 3.101.0 in /azure by @dependabot in #1373
• Bump aws.sdk.version from 2.25.40 to 2.25.42 by @dependabot in #1377
• Bump com.puppycrawl.tools:checkstyle from 10.15.0 to 10.16.0 by @dependabot in #1378
• Bump org.jruby:jruby-complete from 9.4.6.0 to 9.4.7.0 by @dependabot in #1382
• Bump io.gatling.highcharts:gatling-charts-highcharts from 3.11.1 to 3.11.2 by @dependabot in #1380
• Bump globals from 15.0.0 to 15.1.0 by @dependabot in #1383
• Bump eslint-plugin-n from 17.2.1 to 17.4.0 by @dependabot in #1385
• Bump eslint-plugin-cypress from 2.15.2 to 3.0.2 in /src/test/e2e by @dependabot in #1388
• Bump cypress from 13.7.3 to 13.8.1 in /src/test/e2e by @dependabot in #1391
• Bump eslint-plugin-n from 17.2.1 to 17.4.0 in /src/test/e2e by @dependabot in #1390
• Bump cypress from 13.7.3 to 13.8.1 in /src/test/K8s-tests by @dependabot in #1395
• Bump eslint-plugin-jest from 28.2.0 to 28.5.0 in /src/test/e2e by @dependabot in #1401
• Bump eslint-plugin-jest from 28.2.0 to 28.3.0 in /src/test/K8s-tests by @dependabot in #1393
• Bump eslint-plugin-jest from 28.2.0 to 28.5.0 by @dependabot in #1400
• Bump @eslint/js from 9.0.0 to 9.2.0 by @dependabot in #1399
• Bump eslint-plugin-jest from 28.3.0 to 28.5.0 in /src/test/K8s-tests by @dependabot in #1402
• Bump eslint-plugin-n from 17.2.1 to 17.4.0 in /src/test/K8s-tests by @dependabot in #1396
• Bump eslint-plugin-cypress from 2.15.2 to 3.1.1 in /src/test/K8s-tests by @dependabot in #1404
• Bump requests from 2.31.0 to 2.32.0 in /scripts/sort_contibutors by @dependabot in #1406
• Bump eslint from 8.57.0 to 9.3.0 by @dependabot in #1398
• Bump cypress from 13.8.1 to 13.10.0 in /src/test/K8s-tests by @dependabot in #1413
• Bump eslint from 9.3.0 to 9.4.0 in /src/test/K8s-tests by @dependabot in #1415
• Bump eslint-plugin-chai-friendly from 0.7.4 to 0.8.0 in /src/test/K8s-tests by @dependabot in #1414
• Bump eslint-plugin-cypress from 3.2.0 to 3.3.0 by @dependabot in #1424
• Bump cypress from 13.8.1 to 13.10.0 in /src/test/e2e by @dependabot in #1443
• Bump eslint-plugin-cypress from 3.2.0 to 3.3.0 in /src/test/e2e by @dependabot in #1440
• Bump org.codehaus.mojo:tidy-maven-plugin from 1.2.0 to 1.3.0 by @dependabot in #1436
• Bump eslint-plugin-chai-friendly from 0.7.4 to 0.8.0 in /src/test/e2e by @dependabot in #1438
• Bump eslint from 9.3.0 to 9.4.0 by @dependabot in #1426
• Bump eslint-plugin-cypress from 3.2.0 to 3.3.0 in /src/test/K8s-tests by @dependabot in #1416
• Bump eslint-plugin-chai-friendly from 0.7.4 to 0.8.0 by @dependabot in #1420
• Bump eslint from 9.3.0 to 9.4.0 in /src/test/e2e by @dependabot in #1432
• Bump @babel/preset-env from 7.24.5 to 7.24.6 by @dependabot in #1422
• Bump @babel/eslint-parser from 7.24.5 to 7.24.6 by @dependabot in #1421
• Bump org.cyclonedx:cyclonedx-core-java from 8.0.3 to 9.0.2 by @dependabot in #1434
• Bump io.gatling.highcharts:gatling-charts-highcharts from 3.11.2 to 3.11.3 by @dependabot in #1447
• Bump io.gatling:gatling-maven-plugin from 4.9.0 to 4.9.1 by @dependabot in #1444
• Bump hashicorp/google from 5.27.0 to 5.31.1 in /gcp by @dependabot in #1417
• Bump hashicorp/google-beta from 5.27.0 to 5.31.1 in /gcp by @dependabot in #1418
• Bump hashicorp/random from 3.6.1 to 3.6.2 in /gcp by @dependabot in #1419
• Bump hashicorp/azurerm from 3.101.0 to 3.106.1 in /azure by @dependabot in #1429
• Bump hashicorp/random from 3.6.1 to 3.6.2 in /azure by @dependabot in #1433
• Bump hashicorp/random from 3.6.1 to 3.6.2 in /aws by @dependabot in #1435
• Bump hashicorp/aws from 5.47.0 to 5.52.0 in /aws by @dependabot in #1448
• Bump terraform-aws-modules/eks/aws from 20.8.5 to 20.13.0 in /aws by @dependabot in #1437
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.4.0 to 4.8.5.0 by @dependabot in #1423
• Bump org.codehaus.mojo:exec-maven-plugin from 3.2.0 to 3.3.0 by @dependabot in #1442
• Bump aws.sdk.version from 2.25.42 to 2.25.64 by @dependabot in #1439
• Bump com.github.spotbugs:spotbugs-annotations from 4.8.4 to 4.8.5 by @dependabot in #1431
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.11.0 to 5.12.0 by @dependabot in #1445
• Bump org.springframework.cloud:spring-cloud-dependencies from 2023.0.1 to 2023.0.2 by @dependabot in #1430
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 5.1.2 to 5.4.1 by @dependabot in #1425
• Bump com.puppycrawl.tools:checkstyle from 10.16.0 to 10.17.0 by @dependabot in #1427
• Bump asciidoctorj.version from 2.5.12 to 2.5.13 by @dependabot in #1428
• Bump urllib3 from 2.2.1 to 2.2.2 in /scripts/sort_contibutors by @dependabot in #1451
• Bump org.cyclonedx:cyclonedx-core-java from 9.0.2 to 9.0.4 by @dependabot in #1453
• Bump org.springframework.boot:spring-boot-starter-parent from 3.2.5 to 3.3.0 by @dependabot in #1446
• Bump github.com/hashicorp/go-get...

1.8.5: Java 22, challenge fixes, automation, and textual updates

What's Changed

This version is a big LCM release, where we upgraded to Java22, and made a lot of the challenges easier to read. On top of that we extended the end2end tests a lot and made them part of our automations, in order to catch bugs faster.

Fixes

• Hotfix contributor patch by @commjoen in #1275
• Install libstdc++ to fix issue 1279 by @Wind010 in #1280
• Fix challenge29 heroku by @commjoen in #1297
• Correct hint file reference for Challenge 34 by @dannylloyd in #1307
• Fix for #1113 with docs: Document how to disable challenges by @commjoen in #1308
• Fix Zap workflow by @commjoen in #1315
• Make hint more explicit for challenge1 by @commjoen in #1316
• Fix CdoeQL for java 22 by @commjoen in #1318
• Added missing contributors to readme by @commjoen in #1319
• Fixes for challenge 3, 4 and 8 by @commjoen in #1320
• Update the cypress tests for #1306 to check for error codes by @commjoen in #1309
• Update README.md by @commjoen in #1323
• Update challenge8.adoc by @commjoen in #1321
• Add cypress testing to docker test and as a workflow for heroku by @commjoen in #1322
• update challenge 12 hints by @commjoen in #1325
• update final parts for cypress testing (k8s, docker) by @commjoen in #1324
• Update challenge6.adoc to make it clear which version we are looking for by @commjoen in #1361
• Update challenge6.adoc by @commjoen in #1362
• Fixed hints based on feedback by @commjoen in #1359

Java 22

• First version of java 22 moving back to temurin alpine by @commjoen in #1281

• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /gcp by @dependabot in #1278

• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /azure by @dependabot in #1277

• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /aws by @dependabot in #1276

• Bump hashicorp/google from 5.18.0 to 5.22.0 in /gcp by @dependabot in #1296

• Bump hashicorp/azurerm from 3.94.0 to 3.97.1 in /azure by @dependabot in #1292

• Bump terraform-aws-modules/eks/aws from 20.5.0 to 20.8.4 in /aws by @dependabot in #1295

• Update terraform-aws-modules/vpc/aws requirement from ~> 5.5.1 to ~> 5.7.0 in /aws by @dependabot in #1294

• Bump hashicorp/google-beta from 5.18.0 to 5.22.0 in /gcp by @dependabot in #1289

• Bump aws.sdk.version from 2.25.20 to 2.25.21 by @dependabot in #1283

• Bump @commitlint/config-conventional from 19.0.3 to 19.1.0 by @dependabot in #1287

• Bump com.puppycrawl.tools:checkstyle from 10.14.0 to 10.15.0 by @dependabot in #1298

• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.8.0 by @dependabot in #1288

• Bump terraform-aws-modules/eks/aws from 20.5.0 to 20.8.4 in /aws by @dependabot in #1304

• Bump hashicorp/azurerm from 3.94.0 to 3.97.1 in /azure by @dependabot in #1301

• Bump hashicorp/google-beta from 5.18.0 to 5.22.0 in /gcp by @dependabot in #1300

• Bump hashicorp/google from 5.18.0 to 5.22.0 in /gcp by @dependabot in #1299

• Bump hashicorp/aws from 5.39.1 to 5.43.0 in /aws by @dependabot in #1293

• Update terraform-aws-modules/vpc/aws requirement from ~> 5.5.1 to ~> 5.7.0 in /aws by @dependabot in #1303

• Bump asciidoctorj.version from 2.5.11 to 2.5.12 by @dependabot in #1284

• Bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.3.0 to 2.5.0 by @dependabot in #1305

• Bump com.google.cloud:spring-cloud-gcp-dependencies from 5.0.4 to 5.1.2 by @dependabot in #1290

• Bump zaproxy/action-baseline from 0.11.0 to 0.12.0 by @dependabot in #1311

• Bump minimatch from 9.0.3 to 9.0.4 in /js by @dependabot in #1285

• Bump idna from 3.4 to 3.7 in /scripts/sort_contibutors by @dependabot in #1312

• Bump azure/setup-helm from 3.5 to 4 by @dependabot in #1313

• Bump colima plugin by @commjoen in #1317

• Bump eslint-plugin-cypress from 2.15.1 to 2.15.2 in /src/test/e2e by @dependabot in #1342

• Bump @commitlint/config-conventional from 18.6.3 to 19.2.2 in /src/test/K8s-tests by @dependabot in #1341

• Bump eslint-plugin-cypress from 2.15.1 to 2.15.2 by @dependabot in #1340

• Bump @commitlint/config-conventional from 18.6.0 to 19.2.2 in /src/test/e2e by @dependabot in #1338

• Bump hashicorp/random from 3.6.0 to 3.6.1 in /aws by @dependabot in #1351

• Bump terraform-aws-modules/eks/aws from 20.8.4 to 20.8.5 in /aws by @dependabot in #1349

• Bump hashicorp/aws from 5.43.0 to 5.45.0 in /aws by @dependabot in #1348

• Bump hashicorp/azurerm from 3.97.1 to 3.99.0 in /azure by @dependabot in #1347

• Bump hashicorp/google-beta from 5.22.0 to 5.25.0 in /gcp by @dependabot in #1346

• Bump hashicorp/google from 5.22.0 to 5.25.0 in /gcp by @dependabot in #1339

• Bump hashicorp/random from 3.6.0 to 3.6.1 in /gcp by @dependabot in #1328

• Bump hashicorp/random from 3.6.0 to 3.6.1 in /azure by @dependabot in #1327

• Bump eslint-plugin-jest from 27.6.3 to 28.2.0 in /src/test/e2e by @dependabot in #1330

• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.3.1 to 4.8.4.0 by @dependabot in #1344

• Bump eslint-plugin-jest from 27.9.0 to 28.2.0 in /src/test/K8s-tests by @dependabot in #1336

• Bump aws.sdk.version from 2.25.21 to 2.25.31 by @dependabot in #1329

• Bump eslint-plugin-n from 16.6.2 to 17.2.1 in /src/test/e2e by @dependabot in #1345

• Bump eslint-plugin-n from 16.6.2 to 17.2.1 by @dependabot in #1343

• Bump mocha from 10.3.0 to 10.4.0 in /src/test/e2e by @dependabot in #1333

• Bump eslint-plugin-jest from 27.9.0 to 28.2.0 by @dependabot in #1331

• Bump eslint-plugin-n from 16.6.2 to 17.2.1 in /src/test/K8s-tests by @dependabot in #1326

• Bump com.github.spotbugs:spotbugs-annotations from 4.8.3 to 4.8.4 by @dependabot in #1337

• Bump com.github.spotbugs:spotbugs from 4.8.3 to 4.8.4 by @dependabot in #1334

• Bump eslint from 8.56.0 to 8.57.0 in /src/test/e2e by @dependabot in #1355

• Bump cypress from 13.6.4 to 13.7.3 in /src/test/e2e by @dependabot in #1354

• Bump mocha from 10.3.0 to 10.4.0 in /src/test/e2e by @dependabot in #1353

• Bump eslint-plugin-n from 16.6.2 to 17.2.1 in /src/test/e2e by @dependabot in #1352

• Bump com.tngtech.archunit:archunit-junit5 from 1.2.1 to 1.3.0 by @dependabot in #1332

• Bump golang.org/x/net from 0.17.0 to 0.23.0 in /gcp by @dependabot in #1356

• Bump golang.org/x/net from 0.17.0 to 0.23.0 in /azure by @dependabot in #1357

• Bump golang.org/x/net from 0.17.0 to 0.23.0 in /aws by @dependabot in #1358

• Bump @commitlint/config-conventional from 19.1.0 to 19.2.2 by @dependabot in #1335

• Bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 by @dependabot in #1363

• Bump org.springframework.boot:spring-boot-starter-parent from 3.2.4 to 3.2.5 by @dependabot in #1367

• Bump aws.sdk.version fro...

1.8.4: LCM and bugfixes

What's Changed

Bugfixes and Improvements

• Simplified intigration test for K8s in cypress by @Shubham-Patel07 in #1235
• Update toggle switch by @Shubham-Patel07 in #1239
• Various fixes: eslint, broken animation, contributors, and more challenges links by @commjoen in #1242
• Fix typo on CONTRIBUTING.md by @za in #1244
• Fix typo on CONTRIBUTING.md by @za in #1245
• Fix for challenge 16 FE/BE alignment and fix for showing the minimal needed tech. by @commjoen in #1272
• fix: fix AWS for new EKS module and K8s 1.29 by @bendehaan in #1273
• enable challenge 46 in cloud by @commjoen in #1274

LCM

• Bump hashicorp/google from 5.13.0 to 5.14.0 in /gcp by @dependabot in #1234
• Bump hashicorp/google-beta from 5.13.0 to 5.14.0 in /gcp by @dependabot in #1233
• Bump pre-commit-ci/lite-action from 1.0.1 to 1.0.2 by @dependabot in #1237
• Bump pre-commit/action from 3.0.0 to 3.0.1 by @dependabot in #1238
• Bump flat and mocha in /src/test/e2e by @dependabot in #1241
• Bump com.h3xstream.findsecbugs:findsecbugs-plugin from 1.12.0 to 1.13.0 by @dependabot in #1246
• Bump io.gatling.highcharts:gatling-charts-highcharts from 3.10.3 to 3.10.4 by @dependabot in #1247
• Bump com.puppycrawl.tools:checkstyle from 10.13.0 to 10.14.0 by @dependabot in #1250
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.3.0 to 4.8.3.1 by @dependabot in #1255
• Bump org.springframework.boot:spring-boot-starter-parent from 3.2.2 to 3.2.3 by @dependabot in #1248
• Bump org.codehaus.mojo:exec-maven-plugin from 3.1.1 to 3.2.0 by @dependabot in #1269
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.8.0 to 5.9.1 by @dependabot in #1249
• Bump hashicorp/http from 3.4.1 to 3.4.2 in /azure by @dependabot in #1268
• Bump hashicorp/azurerm from 3.89.0 to 3.94.0 in /azure by @dependabot in #1267
• Bump hashicorp/http from 3.4.1 to 3.4.2 in /aws by @dependabot in #1266
• Bump hashicorp/google from 5.14.0 to 5.18.0 in /gcp by @dependabot in #1264
• Bump hashicorp/google-beta from 5.14.0 to 5.18.0 in /gcp by @dependabot in #1263
• Bump hashicorp/http from 3.4.1 to 3.4.2 in /gcp by @dependabot in #1259
• Bump terraform-aws-modules/eks/aws from 19.21.0 to 20.5.0 in /aws by @dependabot in #1258
• Bump hashicorp/aws from 5.34.0 to 5.39.0 in /aws by @dependabot in #1265
• Bump @commitlint/config-conventional from 18.6.0 to 19.0.3 by @dependabot in #1262
• Bump org.jruby:jruby-complete from 9.4.5.0 to 9.4.6.0 by @dependabot in #1251
• Bump aws.sdk.version from 2.23.15 to 2.25.0 by @dependabot in #1252
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 5.0.1 to 5.0.4 by @dependabot in #1256
• Bump eslint-plugin-jest from 27.6.3 to 27.9.0 by @dependabot in #1261
• Bump eslint from 8.56.0 to 8.57.0 by @dependabot in #1260
• Bump io.gatling:gatling-maven-plugin from 4.7.0 to 4.8.2 by @dependabot in #1257
• Bump org.webjars:bootstrap from 5.3.2 to 5.3.3 by @dependabot in #1254
• Bump org.asciidoctor:asciidoctor-maven-plugin from 2.2.5 to 3.0.0 by @dependabot in #1253

New Contributors

• @Shubham-Patel07 made their first contribution in #1235

Full Changelog: 1.8.3...1.8.4

Special Thanks

Special thanks to @Shubham-Patel07 , @bendehaan , @za , @nbaars , @commjoen for their hard work on this release!

1.8.3: last vault challenge and LCM

What's Changed

Bugfixes, improvements, and docs:

• Fix typo on Vaultpassword.java by @za in #1190
• attempt to fix surefire perm issue for non fork by @commjoen in #1197
• Update readme with contributors and more by @commjoen in #1194
• Issue 1193: update trufflehog command on the challenge 1 hint doc by @za in #1195
• Sort alphabetically while importing Python modules by @za in #1199
• Format Python script using Black formatter by @za in #1202
• Update main.yml to no longer contain test uploads to the PR by @commjoen in #1226

New challenges:

• New Challenge - Vault Template Injection by @nwolniak in #1189

LCM:

• Bump actions/cache from 3 to 4 by @dependabot in #1192
• Bump zaproxy/action-baseline from 0.10.0 to 0.11.0 by @dependabot in #1203
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.10 to 2.7.11 by @dependabot in #1204
• Bump org.springframework.boot:spring-boot-starter-parent from 3.2.1 to 3.2.2 by @dependabot in #1205
• Bump org.asciidoctor:asciidoctor-maven-plugin from 2.2.4 to 2.2.5 by @dependabot in #1207
• Bump org.springframework.vault:spring-vault-core from 3.1.0 to 3.1.1 by @dependabot in #1212
• Update main.yml to fix #1198 by @commjoen in #1223
• Bump eslint-plugin-jest from 27.6.0 to 27.6.3 by @dependabot in #1209
• Bump uk.org.webcompere:system-stubs-jupiter from 2.1.5 to 2.1.6 by @dependabot in #1206
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 5.0.0 to 5.0.1 by @dependabot in #1208
• Bump @commitlint/config-conventional from 18.4.3 to 18.6.0 by @dependabot in #1211
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.2.0 to 4.8.3.0 by @dependabot in #1215
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.3 to 3.2.5 by @dependabot in #1216
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.41.1 to 2.43.0 by @dependabot in #1217
• Bump lycheeverse/lychee-action from 1.9.1 to 1.9.3 by @dependabot in #1227
• Bump eLco/setup-vault from 1.0.2 to 1.0.3 by @dependabot in #1225
• Bump amazoncorretto from 21.0.1-alpine to 21.0.2-alpine by @dependabot in #1222
• Update terraform-aws-modules/vpc/aws requirement from ~> 5.4.0 to ~> 5.5.1 in /aws by @dependabot in #1221
• Bump hashicorp/aws from 5.31.0 to 5.34.0 in /aws by @dependabot in #1220
• Bump hashicorp/google-beta from 5.10.0 to 5.13.0 in /gcp by @dependabot in #1218
• Bump hashicorp/google from 5.10.0 to 5.13.0 in /gcp by @dependabot in #1213
• Bump hashicorp/azurerm from 3.85.0 to 3.89.0 in /azure by @dependabot in #1219
• Bump com.puppycrawl.tools:checkstyle from 10.12.7 to 10.13.0 by @dependabot in #1231
• Bump eslint-plugin-n from 16.6.0 to 16.6.2 by @dependabot in #1214
• Bump aws.sdk.version from 2.22.9 to 2.23.15 by @dependabot in #1232

Full Changelog: 1.8.2...1.8.3

Special thanks

Special thanks to @za , @commjoen , @bendehaan and @nwolniak for their hard work on this release!

1.8.2: 2 new challenges! Open Security Summit Release

What's Changed

• Challenge 44&45: Vault Metadata challenge by @commjoen in #1147

Full Changelog: 1.8.1...1.8.2

Special Thanks

Thanks to @nbaars , @commjoen , and @bendehaan for their hard work on this release

1.8.1: Challenge 43 and other updates

What's Changed

Improvements and bug fixes

• feat: run Cypress test against pre-compiled HTML by @nbaars in #1141

• Fix Webtop again by @commjoen in #1146

• refactor: simplify challenges when answer is fixed by @nbaars in #1125

• Fix cypress related docs by @commjoen in #1168

• fix reporting: give junit job the right permissions by @commjoen in #1169

• fix reporting for mochatests by @commjoen in #1170

New challenges

• Challenge 43: new challenge for secret shared on social media. by @djvinnie in #1144

Documentation

• Update main.py: give Nanne a special recognition for his work on the … by @commjoen in #1148

Goodbye Okteto

• Update README.md to remove okteto references by @commjoen in #1188

LCM

• Bump com.github.spotbugs:spotbugs-annotations from 4.8.2 to 4.8.3 by @dependabot in
• Bump github/codeql-action from 2 to 3 by @dependabot in #1143
• Bump actions/upload-artifact from 3 to 4 by @dependabot in #1145
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /aws by @dependabot in #1151
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /azure by @dependabot in #1152
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /gcp by @dependabot in #1153
• Bump asciidoctorj.version from 2.5.10 to 2.5.11 by @dependabot in #1155
• Bump aws.sdk.version from 2.21.42 to 2.22.5 by @dependabot in #1156
  #1157
• Bump eslint-plugin-import from 2.29.0 to 2.29.1 by @dependabot in #1158
• Bump eslint from 8.55.0 to 8.56.0 by @dependabot in #1160
• Bump io.gatling.highcharts:gatling-charts-highcharts from 3.9.5 to 3.10.3 by @dependabot in #1159
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.8.4 to 5.0.0 by @dependabot in #1161
• Bump io.gatling:gatling-maven-plugin from 4.6.0 to 4.7.0 by @dependabot in #1162
• Bump eslint-plugin-n from 16.3.1 to 16.5.0 by @dependabot in #1163
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.7.0 to 5.8.0 by @dependabot in #1164
• Bump com.github.spotbugs:spotbugs from 4.8.2 to 4.8.3 by @dependabot in #1165
• Bump org.springframework.boot:spring-boot-starter-parent from 3.2.0 to 3.2.1 by @dependabot in #1166
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.2 to 3.2.3 by @dependabot in #1167
• Bump hashicorp/http from 3.4.0 to 3.4.1 in /gcp by @dependabot in #1184
• Bump hashicorp/google from 5.7.0 to 5.10.0 in /gcp by @dependabot in #1183
• Bump hashicorp/google-beta from 5.7.0 to 5.10.0 in /gcp by @dependabot in #1182
• Bump hashicorp/random from 3.5.1 to 3.6.0 in /gcp by @dependabot in #1181
• Bump hashicorp/random from 3.5.1 to 3.6.0 in /aws by @dependabot in #1179
• Bump terraform-aws-modules/eks/aws from 19.20.0 to 19.21.0 in /aws by @dependabot in #1178
• Bump hashicorp/aws from 5.29.0 to 5.31.0 in /aws by @dependabot in #1177
• Update terraform-aws-modules/vpc/aws requirement from ~> 5.2.0 to ~> 5.4.0 in /aws by @dependabot in #1176
• Bump hashicorp/random from 3.5.1 to 3.6.0 in /azure by @dependabot in #1173
• Bump hashicorp/http from 3.4.0 to 3.4.1 in /azure by @dependabot in #1172
• Bump hashicorp/azurerm from 3.83.0 to 3.85.0 in /azure by @dependabot in #1171
• Bump hashicorp/http from 3.4.0 to 3.4.1 in /aws by @dependabot in #1180
• Bump aws.sdk.version from 2.22.5 to 2.22.9 by @dependabot in #1174
• Bump com.puppycrawl.tools:checkstyle from 10.12.6 to 10.12.7 by @dependabot in #1175
• Bump eslint-plugin-n from 16.5.0 to 16.6.0 by @dependabot in #1185
• Bump lycheeverse/lychee-action from 1.8.0 to 1.9.0 by @dependabot in #1186
• Bump lycheeverse/lychee-action from 1.9.0 to 1.9.1 by @dependabot in #1187

Special Thanks

Special thanks to @nbaars , @djvinnie , @bendehaan , and @commjoen for their hard work on this release!

Full Changelog: 1.8.0...1.8.1

1.8.0: Challenge 42, a refactor and many fixes

What's Changed

This is a new major release, as we have done a very big refactor! Thank you, @nbaars, for enabling parallel challenge development!
We also migrated to Spring Boot 3.2.
Just so you know, from here on, you can remove challenges from the app relatively easily by updating the config.

Let's group the changes below:

Documentation:

• Doc fix: explain and correct the local container creation by @commjoen in #1082
• Adding alternative text in the pictures to the contribution file by @CaduRoriz in #1066

Refactor:

• Introduce separate configuration for challenges by @nbaars in #1083

New challenge:

• [Challenge 42] Spring boot actuator hiding api key by @nwolniak in #1107

Fixes:

• Fix link checker by moving lycheeignore to root of folder again by @commjoen in #1109
• Hotfixes k8s defs, terratest and initial testing on okteto ctf by @commjoen in #1123
• Fix for arm at golang by @commjoen in #1126
• Fix docs and udpate nodejs version by @commjoen in #1127
• Fix image with new parameters for launching the app by @commjoen in #1128
• Challenge38 hint fix. by @djvinnie in #1129
• Bugfix: enable all challenges in cloud envs again by @commjoen in #1131
• fix: aws lb and gke by @bendehaan in #1137
• fix: fix gcp ingress by @bendehaan in #1138
• Fix for issues regarding challenge rendering by @commjoen in #1133
• fix: move gcp ingress to consul/vault script by @bendehaan in #1140

LCM:

• Bump org.webjars:bootstrap from 5.3.1 to 5.3.2 by @dependabot in #1011
• Bump amazoncorretto from 21.0.0-alpine to 21.0.1-alpine by @dependabot in #1065
• Bump com.github.eirslett:frontend-maven-plugin from 1.14.0 to 1.14.2 by @dependabot in #1064
• Bump org.springframework.boot:spring-boot-starter-parent from 3.1.4 to 3.1.5 by @dependabot in #1059
• Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.3.1 by @dependabot in #1061
• Bump org.cyclonedx:cyclonedx-core-java from 8.0.1 to 8.0.3 by @dependabot in #1060
• Bump hashicorp/setup-terraform from 2 to 3 by @dependabot in #1067
• Bump org.jruby:jruby-complete from 9.4.3.0 to 9.4.4.0 by @dependabot in #1058
• Bump hashicorp/google from 4.84.0 to 5.4.0 in /gcp by @dependabot in #1077
• Bump hashicorp/google-beta from 4.84.0 to 5.4.0 in /gcp by @dependabot in #1076
• Bump terraform-aws-modules/eks/aws from 19.16.0 to 19.17.4 in /aws by @dependabot in #1069
• Bump hashicorp/azurerm from 3.75.0 to 3.78.0 in /azure by @dependabot in #1068
• Bump eslint-plugin-import from 2.28.1 to 2.29.0 by @dependabot in #1071
• Bump eslint from 8.50.0 to 8.52.0 by @dependabot in #1073
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.9 to 2.7.10 by @dependabot in #1080
• Bump hashicorp/aws from 5.19.0 to 5.23.1 in /aws by @dependabot in #1070
• Bump eslint-plugin-jest from 27.4.2 to 27.6.0 by @dependabot in #1074
• Bump zaproxy/action-baseline from 0.9.0 to 0.10.0 by @dependabot in #1078
• Bump eslint-plugin-n from 16.1.0 to 16.2.0 by @dependabot in #1075
• Bump @commitlint/config-conventional from 17.7.0 to 18.1.0 by @dependabot in #1072
• Bump aws.sdk.version from 2.21.2 to 2.21.13 by @dependabot in #1081
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.5.0 to 5.6.0 by @dependabot in #1063
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.8.2 to 4.8.3 by @dependabot in #1062
• Update terraform-aws-modules/vpc/aws requirement from ~> 5.1.1 to ~> 5.2.0 in /aws by @dependabot in #1099
• Bump terraform-aws-modules/eks/aws from 19.17.4 to 19.20.0 in /aws by @dependabot in #1098
• Bump hashicorp/google-beta from 5.4.0 to 5.7.0 in /gcp by @dependabot in #1096
• Bump hashicorp/google from 5.4.0 to 5.7.0 in /gcp by @dependabot in #1095
• Bump hashicorp/azurerm from 3.78.0 to 3.83.0 in /azure by @dependabot in #1085
• Bump @commitlint/config-conventional from 18.1.0 to 18.4.3 by @dependabot in #1100
• Bump hashicorp/aws from 5.23.1 to 5.29.0 in /aws by @dependabot in #1097
• Bump actions/setup-java from 3 to 4 by @dependabot in #1084
• chore(deps): bump actions/setup-python from 4 to 5 by @dependabot in #1110
• Bump com.github.spotbugs:spotbugs from 4.8.0 to 4.8.2 by @dependabot in #1086
• chore(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.6 to 4.8.2.0 by @dependabot in #1108
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.12.4 to 10.12.6 by @dependabot in #1111
• Bump eslint from 8.52.0 to 8.55.0 by @dependabot in #1104
• Bump com.github.spotbugs:spotbugs-annotations from 4.8.0 to 4.8.2 by @dependabot in #1089
• Bump com.azure.spring:spring-cloud-azure-dependencies from 5.6.0 to 5.7.0 by @dependabot in #1093
• chore(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.2.0 to 2.3.0 by @dependabot in #1117
• chore(deps-dev): bump com.tngtech.archunit:archunit-junit5 from 1.1.0 to 1.2.1 by @dependabot in #1118
• Bump com.github.eirslett:frontend-maven-plugin from 1.14.2 to 1.15.0 by @dependabot in #1090
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.8.3 to 4.8.4 by @dependabot in #1092
• Bump uk.org.webcompere:system-stubs-jupiter from 2.1.3 to 2.1.5 by @dependabot in #1091
• chore(deps): bump aws.sdk.version from 2.21.13 to 2.21.42 by @dependabot in #1119
• chore(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.1.1 by @dependabot in #1120
• chore(deps): bump com.diffplug.spotless:spotless-maven-plugin from 2.40.0 to 2.41.1 by @dependabot in #1122
• chore(deps): bump org.jruby:jruby-complete from 9.4.4.0 to 9.4.5.0 by @dependabot in #1121
• chore(deps): bump org.springframework.cloud:spring-cloud-dependencies from 2022.0.4 to 2023.0.0 by @dependabot in #1116

New Contributors

• @CaduRoriz made their first contribution in #1066
• @nwolniak made their first contribution in #1107

Special Thanks

Special thanks to @CaduRoriz, @nwolniak , @nbaars , @bendehaan , and @djvinnie for their hard work on this release!

Full Changelog: 1.7.2...1.8.0

1.7.2 quickfix for ui

What's Changed

Process

• Added github actions to un-assigned issues after 90 days of inactivity by @za in #1050

Required UI Fixes

• Remove negative margin on larger screens by @commjoen in #1054
• Fixing ui by moving blocks around by @commjoen in #1055

###LCM

• Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /gcp by @dependabot in #1053
• Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /azure by @dependabot in #1051
• Bump google.golang.org/grpc from 1.51.0 to 1.56.3 in /aws by @dependabot in #1052

New Contributors

• @za made their first contribution in #1050

Full Changelog: 1.7.1...1.7.2

1.7.1: hacktoberfest 2! New challenges and changes

What's Changed

This is the second Hacktoberfest release with small ui updates and some very cool new challenges!

New Challenges

• feat: Challenge 39 based on filename as encryption key by @adarsh-a-tw in #1023
• feat: Challenge 40 based on storing encryption key and secret in the same file by @adarsh-a-tw in #1027
• feat: Challenge 41 based on Password shucking by @adarsh-a-tw in #1037

Updates and fixes

• Heroku documentation update by @commjoen in #1024

• Prep release 1.7.0 ctf party by @commjoen in #1025

• Contributor rankings by @roddas in #1022

• Add the documentation of main.py script for contributor generation by @roddas in #1026

• Updated dockerfiles to include new challenge files and css layout by @commjoen in #1028

• Railway documentation addition. by @alphasecio in #1035

• Cleanup by @commjoen in #1036

• Fix menu ui on mobile by @commjoen in #1045

• release 1.7.1 final fixes (ui and contributors), minor node update by @commjoen in #1047

LCM

• Bump golang.org/x/net from 0.8.0 to 0.17.0 in /gcp by @dependabot in #1029
• Bump golang.org/x/net from 0.8.0 to 0.17.0 in /azure by @dependabot in #1030
• Bump golang.org/x/net from 0.8.0 to 0.17.0 in /aws by @dependabot in #1031
• Bump jeroenwillemsen/wrongsecrets from 1.7.0RC4-no-vault to 1.7.0-no-vault by @dependabot in #1032
• Bump urllib3 from 2.0.6 to 2.0.7 in /scripts/sort_contibutors by @dependabot in #1038
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.8.0 to 4.8.2 by @dependabot in #1041
• Bump org.cyclonedx:cyclonedx-core-java from 7.3.2 to 8.0.1 by @dependabot in #1043
• Bump com.puppycrawl.tools:checkstyle from 10.12.3 to 10.12.4 by @dependabot in #1044
• Bump com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.0 by @dependabot in #1039
• Bump aws.sdk.version from 2.20.157 to 2.21.2 by @dependabot in #1042
• Bump com.github.spotbugs:spotbugs from 4.7.3 to 4.8.0 by @dependabot in #1040
• Bump actions/setup-node from 3 to 4 by @dependabot in #1048

New Contributors

• @adarsh-a-tw made their first contribution in #1023
• @alphasecio made their first contribution in #1035

Special thanks

We would like to thank @adarsh-a-tw , @alphasecio , @commjoen , @bendehaan , @mikewoudenberg, and @roddas for their hard work on this release!

Full Changelog: 1.7.0...1.7.1

1.7.0: Hacktoberfest 1: Java 21, K8s 1.28 and 3 new challenges

Project upgrade

This is another big release as part of #Hacktoberfest! and we have loads of great news:

• we have many #Hacktoberfest PRs which are part of this release.
• our project got upgraded to "Production Status" in OWASP!
• this release includes upgrades of K8S to 1.28 and Java to 21(LTS), which means we can easily deploy this project to various cloud providers for at least another year without the need for a lot of maintenance & we can continue development of the Java app as we are now compatible with a new LTS version of Java.

What's Changed

Major upgrades

• Upgrade to Java 21 by @commjoen in #987
• Upgrade to K8s 1.28 by @commjoen in #991

New challenges:

• Add challenge36: Advanced reverse engineering game by @roddas in #947
• Add challenge 37 for ZAP configuration with authenticated endpoint by @commjoen in #941
• Feature(#614): Challenge38 - Git notes challenge by @RemakingEden in #903

Other changes:

• Remove fly.io from readme and prepare deployment for fly v2 by @commjoen in #986
• Update README.md by @commjoen in #985
• Update README.md: adding @roddas as contributor by @commjoen in #1013
• Add missing files in container for challenge 36 by @commjoen in #1014
• feat: add terratest for AWS, Azure and GCP by @bendehaan in #1015
• Update contributing.md: Change image to use java 21 by @commjoen in #1017
• first fix for missing step on setting java to 21 by @commjoen in #1018
• Tests clean up by @drnow4u in #1021
• Update dependabot.yml to have 10 mrs on Java by @commjoen in #1008
• Pre-release of 1.7.0 by @commjoen in #1020

LCM:

• Bump s4u/setup-maven-action from 1.9.0 to 1.10.0 by @dependabot in #988
• Bump terraform-linters/setup-tflint from 3 to 4 by @dependabot in #989
• Bump eslint-plugin-jest from 27.2.3 to 27.4.2 by @dependabot in #1007
• Bump com.diffplug.spotless:spotless-maven-plugin from 2.39.0 to 2.40.0 by @dependabot in #1001
• Bump aws.sdk.version from 2.20.139 to 2.20.157 by @dependabot in #999
• Bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.5 to 4.7.3.6 by @dependabot in #1010
• Bump eslint from 8.48.0 to 8.50.0 by @dependabot in #1006
• Bump eslint-plugin-n from 16.0.2 to 16.1.0 by @dependabot in #1005
• Bump cypress from 13.1.0 to 13.3.0 by @dependabot in #1004
• Bump eslint-plugin-cypress from 2.14.0 to 2.15.1 by @dependabot in #1003
• Bump hashicorp/azurerm from 3.71.0 to 3.75.0 in /azure by @dependabot in #995
• Bump hashicorp/google from 4.80.0 to 4.84.0 in /gcp by @dependabot in #994
• Bump hashicorp/google-beta from 4.80.0 to 4.84.0 in /gcp by @dependabot in #993
• Bump hashicorp/aws from 5.15.0 to 5.19.0 in /aws by @dependabot in #997
• Bump com.github.eirslett:frontend-maven-plugin from 1.13.4 to 1.14.0 by @dependabot in #1002
• Bump com.google.cloud:spring-cloud-gcp-dependencies from 4.7.2 to 4.8.0 by @dependabot in #1009
• Bump javascript-obfuscator from 4.0.2 to 4.1.0 in /js by @dependabot in #996
• Bump uk.org.webcompere:system-stubs-jupiter from 2.0.2 to 2.1.3 by @dependabot in #1012
• Bump nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect from 3.2.1 to 3.3.0 by @dependabot in #998

New Contributors

• @roddas made their first contribution in #947

Full Changelog: 1.6.10...1.7.0

Special Thanks:

Special thanks to @roddas , @nbaars , @bendehaan , @drnow4u , @RemakingEden , and @commjoen for their hard work on this release!