#69 Fix dependabot warnings (#70)

* #69: Upgrade java dependencies * Update package lock file * #69: Fix issues reported by ossindex
exasol · May 9, 2023 · f0fa514 · f0fa514
1 parent 0362758
commit f0fa514
Show file tree

Hide file tree

Showing 11 changed files with 483 additions and 291 deletions.
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
@@ -33,7 +33,7 @@ jobs:
         run: ./tools/package_connector.sh
 
       - name: Upload unsigned connectors
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: Unsigned Exasol Tableau Connectors
           path: target/exasol_*.taco
@@ -49,17 +49,17 @@ jobs:
           CODE_SIGNING_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGNING_CERTIFICATE_PASSWORD }}
 
       - name: Upload signed connectors
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: Signed Exasol Tableau Connectors
           path: target/tableau-exasol-connector-*.taco
 
       - name: Set up JDK 11
         uses: actions/setup-java@v3
         with:
-          distribution: 'temurin'
+          distribution: "temurin"
           java-version: 11
-          cache: 'maven'
+          cache: "maven"
 
       - name: Project Keeper Verify
         run: mvn --batch-mode -DtrimStackTrace=false --projects . test com.exasol:project-keeper-maven-plugin:verify
diff --git a/.project-keeper.yml b/.project-keeper.yml
@@ -28,4 +28,3 @@ excludes:
   - "E-PK-CORE-17: Missing required file: '.github/workflows/release_droid_prepare_original_checksum.yml'"
   - "E-PK-CORE-17: Missing required file: '.github/workflows/release_droid_print_quick_checksum.yml'"
   - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_upload_github_release_assets.yml'"
-  - regex: "E-PK-CORE-53: The dependencies.md file has outdated content.*"
diff --git a/dependencies.md b/dependencies.md
diff --git a/doc/changes/changes_1.0.4.md b/doc/changes/changes_1.0.4.md
@@ -4,9 +4,80 @@ Code name:
 
 ## Summary
 
+This release fixes CVE-2022-45688 in test dependency `org.json:json`.
+
 ## Features
 
 ## Refactoring
 
 * #66: Configured JavaScript test module for Project Keeper
 
+## Security
+
+* #69: Fixed vulnerability in test dependency
+
+## Dependency Updates
+
+### JDBC Kerberos Setup Tests
+
+#### Runtime Dependency Updates
+
+* Updated `com.exasol:exasol-jdbc:7.1.16` to `7.1.19`
+
+#### Test Dependency Updates
+
+* Updated `org.junit.jupiter:junit-jupiter:5.9.1` to `5.9.3`
+
+#### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.2.2` to `1.2.3`
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.3` to `2.9.7`
+* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.10.1` to `3.11.0`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.1.0` to `3.3.0`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M8` to `3.0.0`
+* Added `org.basepom.maven:duplicate-finder-maven-plugin:1.5.1`
+* Updated `org.codehaus.mojo:flatten-maven-plugin:1.3.0` to `1.4.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.14.2` to `2.15.0`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.8` to `0.8.9`
+
+### Tableau Server GUI Tests
+
+#### Test Dependency Updates
+
+* Updated `com.exasol:exasol-testcontainers:6.3.1` to `6.5.2`
+* Updated `com.exasol:test-db-builder-java:3.4.1` to `3.4.2`
+* Added `com.fasterxml.jackson.core:jackson-databind:2.15.0`
+* Added `commons-io:commons-io:2.11.0`
+* Updated `io.github.bonigarcia:webdrivermanager:5.3.1` to `5.3.2`
+* Added `org.bouncycastle:bcprov-jdk15on:1.70`
+* Updated `org.json:json:20220924` to `20230227`
+* Updated `org.junit.jupiter:junit-jupiter:5.9.1` to `5.9.3`
+* Updated `org.seleniumhq.selenium:selenium-java:4.7.0` to `4.9.1`
+* Updated `org.testcontainers:junit-jupiter:1.17.6` to `1.18.0`
+
+#### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.2.2` to `1.2.3`
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.3` to `2.9.7`
+* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.10.1` to `3.11.0`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.1.0` to `3.3.0`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M8` to `3.0.0`
+* Added `org.basepom.maven:duplicate-finder-maven-plugin:1.5.1`
+* Updated `org.codehaus.mojo:exec-maven-plugin:3.0.0` to `3.1.0`
+* Updated `org.codehaus.mojo:flatten-maven-plugin:1.3.0` to `1.4.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.14.2` to `2.15.0`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.8` to `0.8.9`
+
+### Exasol Connector for Tableau
+
+#### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.2.2` to `1.2.3`
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.3` to `2.9.7`
+* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.10.1` to `3.11.0`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.1.0` to `3.3.0`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M8` to `3.0.0`
+* Added `org.basepom.maven:duplicate-finder-maven-plugin:1.5.1`
+* Updated `org.codehaus.mojo:flatten-maven-plugin:1.3.0` to `1.4.1`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.14.2` to `2.15.0`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.8` to `0.8.9`