Bump logstash from 8.13.0 to 8.13.4 in /projects/person-search-index-…

…from-delius/container (#3734) * Bump logstash in /projects/person-search-index-from-delius/container Bumps logstash from 8.13.0 to 8.13.4. --- updated-dependencies: - dependency-name: logstash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Remove trivyignores - no longer needed --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marcus Aspin <[email protected]>
ministryofjustice · May 14, 2024 · 9dc555d · 9dc555d
1 parent e45f1e8
commit 9dc555d
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 19 deletions.
diff --git a/projects/person-search-index-from-delius/.trivyignore b/projects/person-search-index-from-delius/.trivyignore
@@ -1,21 +1,3 @@
-
-# Reason: LDAP authentication not used + no untrusted username input
-# Package: org.apache.derby:derby:10.14.1.0
-# Reference: https://github.com/logstash-plugins/logstash-integration-jdbc/issues/147
-CVE-2022-46337
-
-# Reason: we don't use Maven
-# Package: org.apache.maven:maven-compat:3.3.9
-CVE-2021-26291
-
-# Reason: No parsing of untrusted uri
-# Package: org.codehaus.plexus:plexus-utils:3.0.22
-CVE-2022-4244
-
-# Reason: No parsing of untrusted HTML or XML
-# Package: org.jsoup:jsoup:1.7.2
-CVE-2021-37714
-
 # Reason: No parsing of untrusted JSON
 # Package: net.minidev:json-smart:2.4.8
 CVE-2023-1370 exp:2024-06-01
diff --git a/projects/person-search-index-from-delius/container/Dockerfile b/projects/person-search-index-from-delius/container/Dockerfile
@@ -4,7 +4,7 @@ COPY --chown=yq /pipelines /pipelines
 RUN find /pipelines -type f -name '*.yml' -exec sh -c 'f="$1"; yq -o=json "$f" > "${f%.yml}.json"' shell {} +;
 
 
-FROM logstash:8.13.0
+FROM logstash:8.13.4
 
 USER root
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]