From 9dc555d1dc8b5bd5f340a80a9c75f4b501dc8ace Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 May 2024 10:54:47 +0100
Subject: [PATCH] Bump logstash from 8.13.0 to 8.13.4 in /projects/person-search-index-from-delius/container (#3734) * Bump logstash in /projects/person-search-index-from-delius/container Bumps logstash from 8.13.0 to 8.13.4. --- updated-dependencies: - dependency-name: logstash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * Remove trivyignores - no longer needed --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marcus Aspin
---
 .../.trivyignore | 18 ------------------
 .../container/Dockerfile | 2 +-
 2 files changed, 1 insertion(+), 19 deletions(-)
diff --git a/projects/person-search-index-from-delius/.trivyignore b/projects/person-search-index-from-delius/.trivyignore
index fc29b9761a..cc3e09b3e4 100644
--- a/projects/person-search-index-from-delius/.trivyignore
+++ b/projects/person-search-index-from-delius/.trivyignore
@@ -1,21 +1,3 @@
-
-# Reason: LDAP authentication not used + no untrusted username input
-# Package: org.apache.derby:derby:10.14.1.0
-# Reference: https://github.com/logstash-plugins/logstash-integration-jdbc/issues/147
-CVE-2022-46337
-
-# Reason: we don't use Maven
-# Package: org.apache.maven:maven-compat:3.3.9
-CVE-2021-26291
-
-# Reason: No parsing of untrusted uri
-# Package: org.codehaus.plexus:plexus-utils:3.0.22
-CVE-2022-4244
-
-# Reason: No parsing of untrusted HTML or XML
-# Package: org.jsoup:jsoup:1.7.2
-CVE-2021-37714
-
 # Reason: No parsing of untrusted JSON
 # Package: net.minidev:json-smart:2.4.8
 CVE-2023-1370 exp:2024-06-01
diff --git a/projects/person-search-index-from-delius/container/Dockerfile b/projects/person-search-index-from-delius/container/Dockerfile
index 51e1e6a0f8..312de121fd 100644
--- a/projects/person-search-index-from-delius/container/Dockerfile +++ b/projects/person-search-index-from-delius/container/Dockerfile @@ -4,7 +4,7 @@ COPY --chown=yq /pipelines /pipelines RUN find /pipelines -type f -name '*.yml' -exec sh -c 'f="$1"; yq -o=json "$f" > "${f%.yml}.json"' shell {} +; -FROM logstash:8.13.0 +FROM logstash:8.13.4 USER root SHELL ["/bin/bash", "-o", "pipefail", "-c"]