From 9cb9ba3413f89cc4920e26c19dc80966b5121a7c Mon Sep 17 00:00:00 2001 From: Corneil du Plessis Date: Thu, 14 Sep 2023 12:22:28 +0200 Subject: [PATCH] Update versions for CVE mitigation. --- .../pom.xml | 15 +++++++ .../spring-cloud-skipper-server/pom.xml | 43 +++++++++++++++++-- src/deploy/images/build-grafana-image.sh | 5 ++- .../prometheus/docker/grafana/Dockerfile | 2 +- 4 files changed, 59 insertions(+), 6 deletions(-) diff --git a/spring-cloud-dataflow-single-step-batch-job/pom.xml b/spring-cloud-dataflow-single-step-batch-job/pom.xml index c3ef6aea4c..6442c3262f 100644 --- a/spring-cloud-dataflow-single-step-batch-job/pom.xml +++ b/spring-cloud-dataflow-single-step-batch-job/pom.xml @@ -17,6 +17,20 @@ 1.0.7 true + + + + org.springframework.kafka + spring-kafka + [2.9.11,3.0) + + + com.h2database + h2 + [2.2.222,3.0) + + + org.springframework.boot @@ -38,6 +52,7 @@ com.h2database h2 + 2.2.222 org.mariadb.jdbc diff --git a/spring-cloud-skipper/spring-cloud-skipper-server/pom.xml b/spring-cloud-skipper/spring-cloud-skipper-server/pom.xml index 2b4673eb15..3c0305a5b1 100644 --- a/spring-cloud-skipper/spring-cloud-skipper-server/pom.xml +++ b/spring-cloud-skipper/spring-cloud-skipper-server/pom.xml @@ -12,6 +12,45 @@ 2.11.0-SNAPSHOT ../../spring-cloud-dataflow-parent + + + + com.fasterxml.jackson.core + jackson-core + 2.13.5 + + + com.fasterxml.jackson.core + jackson-databind + 2.13.5 + + + com.fasterxml.jackson.dataformat + jackson-dataformat-yaml + 2.13.5 + + + org.bouncycastle + bcprov-jdk18on + 1.76 + + + org.bouncycastle + bcpkix-jdk18on + 1.75 + + + org.bouncycastle + bcutil-jdk18on + 1.75 + + + org.mariadb.jdbc + mariadb-java-client + [3.1.2,) + + + org.springframework.boot @@ -63,22 +102,18 @@ org.bouncycastle bcprov-jdk18on - 1.76 org.bouncycastle bcpkix-jdk18on - 1.75 org.bouncycastle bcutil-jdk18on - 1.75 org.mariadb.jdbc mariadb-java-client - [3.1.2,) org.springframework.boot diff --git a/src/deploy/images/build-grafana-image.sh b/src/deploy/images/build-grafana-image.sh index 1b06bd52ea..80fd4474ba 100755 --- a/src/deploy/images/build-grafana-image.sh +++ b/src/deploy/images/build-grafana-image.sh @@ -6,5 +6,8 @@ pushd $PROJECT_DIR || exit SCDF_VER=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) else SCDF_VER=$DATAFLOW_VERSION - docker build -f "src/grafana/prometheus/docker/grafana" "springcloud/spring-cloud-dataflow-grafana-prometheus:$SCDF_VER" + fi + pushd src/grafana/prometheus/docker/grafana || exit 1 + docker build -t "springcloud/spring-cloud-dataflow-grafana-prometheus:$SCDF_VER" . + popd || exit 1 popd || exit diff --git a/src/grafana/prometheus/docker/grafana/Dockerfile b/src/grafana/prometheus/docker/grafana/Dockerfile index 40fd7e6cba..c7c3e533f7 100644 --- a/src/grafana/prometheus/docker/grafana/Dockerfile +++ b/src/grafana/prometheus/docker/grafana/Dockerfile @@ -1,4 +1,4 @@ -FROM grafana/grafana:8.0.2 +FROM grafana/grafana:8.5.27 ADD ./provisioning /etc/grafana/provisioning ADD ./config.ini /etc/grafana/config.ini ADD ./dashboards /var/lib/grafana/dashboards