From 60d719744a0c94359c7da15e1d109bcabf6636f2 Mon Sep 17 00:00:00 2001
From: Amin Lajmi <76781027+mohamedlajmileanix@users.noreply.github.com>
Date: Tue, 5 Mar 2024 15:39:03 +0100
Subject: [PATCH 1/2] CID-2409: fix vulnerabilities
---
 build.gradle.kts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index 7e15541..1927e99 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -2,7 +2,7 @@ import com.expediagroup.graphql.plugin.gradle.tasks.GraphQLGenerateClientTask
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 plugins {
- id("org.springframework.boot") version "3.2.0"
+ id("org.springframework.boot") version "3.2.3"
 id("io.spring.dependency-management") version "1.1.4"
 id("com.expediagroup.graphql") version "7.0.2"
 id("io.gitlab.arturbosch.detekt") version "1.23.4"
@@ -80,4 +80,4 @@ configurations.all {
 force("ch.qos.logback:logback-core:1.4.14")
 force("ch.qos.logback:logback-classic:1.4.14")
 }
-}
\ No newline at end of file
+}
From a14c8bb8c74e2b53559d1c361c05bb4e173842a6 Mon Sep 17 00:00:00 2001
From: mohamedlajmileanix
Date: Wed, 6 Mar 2024 14:15:14 +0100
Subject: [PATCH 2/2] CID-2409: Fix Snyk action
---
 .github/workflows/snyk-scan.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml
index 652b919..6b63bff 100644
--- a/.github/workflows/snyk-scan.yml
+++ b/.github/workflows/snyk-scan.yml
@@ -11,11 +11,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@master
- name: Get credentials uses: leanix/secrets-action@master with: secret-store-credentials: ${{ secrets.INJECTED_SECRET_STORE_CREDENTIALS }}
+
 - uses: snyk/actions/gradle@master
 with:
 command: monitor
 args: --all-projects --exclude=k8s -d --severity-threshold=high --remote-repo-url=leanix/vsm-sbom-booster --project-tags=Team=Cider
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
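Review bot: The added `env:` block in the `.github/workflows/snyk-scan.yml` hunk passes `SNYK_TOKEN` to `snyk/actions/gradle@master`, which is a mutable branch ref, so the token is exposed to whatever code that branch holds when the job runs; `actions/checkout@master` on the context line above has the same problem. Pin both to a full commit SHA, e.g. `- uses: snyk/actions/gradle@<full-commit-sha> # <release tag>`, and let Dependabot or a similar updater move the pin. The `args` line keeps `-d`; GitHub masks the registered secret value in logs, but it is worth confirming the debug output carries no transformed copy of the token. The workflow's `on:` triggers and any `permissions:` block sit outside this hunk, so confirm the job runs with a read-only `GITHUB_TOKEN` and not on untrusted pull-request code.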