Merge pull request #20 from IABTechLab/gdm-UID2-3154-secret-scanning

Added .trivyignore and updated .gitignore
IABTechLab · Apr 26, 2024 · c686f81 · c686f81
2 parents 304a420 + 483b029
commit c686f81
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 4 deletions.
diff --git a/.github/workflows/build-and-publish.yaml b/.github/workflows/build-and-publish.yaml
@@ -26,7 +26,7 @@ on:
 jobs:
   build-and-pubish:
     name: Build and publish JAR packages to Maven repository
-    uses: IABTechLab/uid2-shared-actions/.github/workflows/	shared-publish-to-maven-versioned@v2
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-publish-to-maven-versioned.yaml@v2
     with:
       release_type: ${{ inputs.release_type }}
       publish_to_maven: ${{ inputs.publish_to_maven }}

diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 target/
+.idea/
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,5 @@
+# List any vulnerability that are to be accepted
+# See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/
+# for more details
+# e.g.
+# CVE-2022-3996
diff --git a/pom.xml b/pom.xml
@@ -52,7 +52,7 @@
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-security-keyvault-secrets</artifactId>
-            <version>4.7.0</version>
+            <version>4.8.2</version>
         </dependency>
         <dependency>
             <groupId>com.azure</groupId>
@@ -62,12 +62,12 @@
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-core</artifactId>
-            <version>1.3.5</version>
+            <version>1.4.12</version>
         </dependency>
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.3.5</version>
+            <version>1.4.12</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>