From 19f43f4902742925839d56cc5ea0ab64e57106b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 14:34:34 +0000
Subject: [PATCH] Bump logstash from 8.11.1 to 8.11.3 in /projects/person-search-index-from-delius/container (#2928)

* Bump logstash in /projects/person-search-index-from-delius/container
Bumps logstash from 8.11.1 to 8.11.3.
---
updated-dependencies:
- dependency-name: logstash
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
* Update Trivy suppressions following Logstash upgrade
---------
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marcus Aspin
---
.../.trivyignore | 26 +++++--------------
.../container/Dockerfile | 2 +-
2 files changed, 8 insertions(+), 20 deletions(-)

diff --git a/projects/person-search-index-from-delius/.trivyignore b/projects/person-search-index-from-delius/.trivyignore
index 3f2076e9b3..680435198b 100644
--- a/projects/person-search-index-from-delius/.trivyignore
+++ b/projects/person-search-index-from-delius/.trivyignore
@@ -1,30 +1,18 @@
-# Reason: No parsing of untrusted HTML or XML
-# Package: org.jsoup:jsoup:1.7.2
-CVE-2021-37714
+# Reason: LDAP authentication not used + no untrusted username input
+# Package: org.apache.derby:derby:10.14.1.0
+# Reference: https://github.com/logstash-plugins/logstash-integration-jdbc/issues/147
+CVE-2022-46337 exp:2024-01-12
 
 # Reason: we don't use Maven
 # Package: org.apache.maven:maven-compat:3.3.9
 CVE-2021-26291
 
-# Reason: No parsing of untrusted uri
-# Package: uri:0.11.0
-CVE-2023-28755
-
-# Reason: No parsing of untrusted time
-# Package: time:0.1.0
-CVE-2023-28756
-
 # Reason: No parsing of untrusted uri
 # Package: org.codehaus.plexus:plexus-utils:3.0.22
 CVE-2022-4244
 
-# Reason: LDAP authentication not used + no untrusted username input
-# Package: org.apache.derby:derby:10.14.1.0
-# Reference: https://github.com/logstash-plugins/logstash-integration-jdbc/issues/147
-CVE-2022-46337 exp:2024-01-12
+# Reason: No parsing of untrusted HTML or XML
+# Package: org.jsoup:jsoup:1.7.2
+CVE-2021-37714
 
-# Reason: No parsing of untrusted YAML
-# Package: org.yaml:snakeyaml:1.33
-# Reference: https://github.com/elastic/logstash/issues/15088
-CVE-2022-1471 exp:2024-01-12
 
diff --git a/projects/person-search-index-from-delius/container/Dockerfile b/projects/person-search-index-from-delius/container/Dockerfile
index 2e97be6d53..3c6baf5855 100644
--- a/projects/person-search-index-from-delius/container/Dockerfile
+++ b/projects/person-search-index-from-delius/container/Dockerfile
@@ -4,7 +4,7 @@ COPY --chown=yq /pipelines /pipelines
 RUN find /pipelines -type f -name '*.yml' -exec sh -c 'f="$1"; yq -o=json "$f" > "${f%.yml}.json"' shell {} +;
 
 
-FROM logstash:8.11.1
+FROM logstash:8.11.3
 USER root
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
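Review bot: The re-added `CVE-2021-37714` (jsoup) entry and the retained `CVE-2021-26291` and `CVE-2022-4244` entries on the new side carry no `exp:` date, while the derby entry in the same hunk shows the file already uses expiring suppressions; an open-ended suppression is never re-reviewed even if a later pipeline change makes the "No parsing of untrusted HTML or XML" rationale stop holding. Consider writing the jsoup line in the same form as the derby one, `CVE-2021-37714 exp:<REVIEW-DATE>` (placeholder date), and the same for the maven-compat and plexus-utils lines, so each suppression is revisited on a known schedule. The derby suppression's `exp:2024-01-12` is under a month after this commit's date, so whoever merges the next Logstash bump should check the referenced logstash-integration-jdbc issue before that entry lapses and the scan starts failing. The Dockerfile hunk is only the 8.11.1 to 8.11.3 tag change and needs nothing further.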