feat(akhq): bump deps to remediate GHSA-j288-q9x7-2f5v and GHSA-xwmg-2g98-w7v9 and upgrade package

akhq.yaml

@@ -1,7 +1,7 @@
 package:
   name: akhq
-  version: 0.25.1
-  epoch: 4
+  version: 0.26.0
+  epoch: 0
   description: "Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more"
   copyright:
     - license: Apache-2.0
@@ -22,14 +22,15 @@ environment:
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: cf173a61e241ff6dd6c9bd14819c7487e216fdf6
+      expected-commit: a39a1d0d4af145e9cd4f72399f919bb36b9900a0
       repository: https://github.com/tchiotludo/akhq
       tag: ${{package.version}}
 
   - uses: patch
     with:
+      # includes patches for GHSA-pr98-23f8-jwxv, GHSA-6v67-2wr5-gvf4, GHSA-4g8c-wm8x-jfhw, GHSA-4g8c-wm8x-jfhw, GHSA-pq2g-wx69-c263, CVE-2025-48734, GHSA-j288-q9x7-2f5v and GHSA-xwmg-2g98-w7v9
       patches: |
-        cves-20250220.patch cves-20250530.patch
+        cves-20250714.patch
 
   - runs: |
       ./gradlew build -x test -x startTestKafkaCluster --parallel --no-daemon
@@ -48,6 +49,7 @@ pipeline:
       mkdir -p ${{targets.destdir}}/usr/local/bin/
       sed 's/\/app\/application.yml/\/usr\/share\/java\/akhq\/application.yml/g' docker/usr/local/bin/docker-entrypoint.sh > "${{targets.destdir}}"/usr/local/bin/docker-entrypoint.sh
       chmod 755 "${{targets.destdir}}"/usr/local/bin/docker-entrypoint.sh
+      sed -i 's/exec.*/exec \"\$@\"/' "${{targets.destdir}}"/usr/local/bin/docker-entrypoint.sh
 
   - uses: strip
 

akhq/cves-20250220.patch → akhq/cves-20250714.patch

@@ -1,41 +1,23 @@
-From 1b33eb3f589cc110522b6a0da7e9c4eeb40cbdd8 Mon Sep 17 00:00:00 2001
-From: Kyle Steere <kyle.steere@chainguard.dev>
-Date: Mon, 13 Jan 2025 07:47:28 -0600
-Subject: [PATCH] fix: requests patch
-
-fixes GHSA-pr98-23f8-jwxv and GHSA-6v67-2wr5-gvf4
-
-Signed-off-by: Kyle Steere <kyle.steere@chainguard.dev>
-
-fixed GHSA-4g8c-wm8x-jfhw
-
-Signed-off-by: Kyle Steere <kyle.steere@chainguard.dev>
-
-fix GHSA-4g8c-wm8x-jfhw, GHSA-pq2g-wx69-c263
-
-Signed-off-by: Kyle Steere <kyle.steere@chainguard.dev>
----
- build.gradle      | 11 +++++++++--
- gradle.properties |  7 ++++++-
- 2 files changed, 15 insertions(+), 3 deletions(-)
-
 diff --git a/build.gradle b/build.gradle
-index d9d4fa7a..f8107bb8 100644
+index 6b2e9464..795fa607 100644
 --- a/build.gradle
 +++ b/build.gradle
-@@ -49,6 +49,11 @@ configurations.all {
+@@ -49,6 +49,14 @@ configurations.all {
          force("com.fasterxml.jackson.core:jackson-databind:" + jacksonVersion)
          force("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:" + jacksonVersion)
          force("com.fasterxml.jackson.module:jackson-module-scala_" + kafkaScalaVersion + ":" + jacksonVersion)
++        force("commons-beanutils:commons-beanutils:" + beansVersion)
 +        force("io.vertx:vertx-core:" + vertxVersion)
 +        force("org.apache.commons:commons-compress:" + commonsCompressVersion)
 +        force("io.netty:netty-handler:" + nettyVersion)
 +        force("org.eclipse.jetty:jetty-http:" + jettyHttpVersion)
 +        force("net.minidev:json-smart:2.5.2")
++        force("org.apache.commons:commons-lang3:" + lang3Version)
++        force("com.nimbusds:nimbus-jose-jwt:" + nimbusJoseJwtVersion)
      }
  }
-
-@@ -93,7 +98,7 @@ dependencies {
+ 
+@@ -93,7 +101,7 @@ dependencies {
      implementation("io.micronaut:micronaut-http-server-netty")
      implementation("io.micronaut:micronaut-jackson-databind")
      implementation("io.swagger.core.v3:swagger-annotations")
@@ -44,39 +26,39 @@ index d9d4fa7a..f8107bb8 100644
      runtimeOnly("org.yaml:snakeyaml")
      implementation("io.micronaut.security:micronaut-security-annotations")
      implementation("io.micronaut.security:micronaut-security-jwt")
-@@ -136,7 +141,7 @@ dependencies {
-     implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310'
-
-     // avro
--    implementation 'org.apache.avro:avro:1.11.3'
-+    implementation 'org.apache.avro:avro:1.12.0'
-
-     // jackson-module-scala
-     implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-scala_2.13', version: '2.17.1'
-@@ -173,6 +178,8 @@ dependencies {
-     implementation group: 'io.projectreactor', name: 'reactor-core', version: '3.6.7'
-
+@@ -174,6 +182,8 @@ dependencies {
+     implementation group: 'io.projectreactor', name: 'reactor-core', version: '3.7.6'
+
      implementation 'io.jsonwebtoken:jjwt-impl:0.12.6'
 +
 +    implementation 'io.netty:netty-common:4.1.118.Final'
  }
-
+ 
  /**********************************************************************************************************************\
+@@ -295,4 +305,4 @@ shadowJar {
+
+ processResources.dependsOn ":client:installFrontend"
+ processResources.dependsOn ":client:assembleFrontend"
+-processResources.dependsOn ":client:copyClientResources"
++processResources.dependsOn ":client:copyClientResources"
+\ No newline at end of file
 diff --git a/gradle.properties b/gradle.properties
-index ae531b3b..7a70b71d 100644
+index ae531b3b..362fbd59 100644
 --- a/gradle.properties
 +++ b/gradle.properties
-@@ -3,4 +3,9 @@ confluentVersion=7.4.4
+@@ -3,4 +3,12 @@ confluentVersion=7.4.4
  kafkaVersion=3.6.2
  kafkaScalaVersion=2.13
  lombokVersion=1.18.32
 -jacksonVersion=2.17.1
 \ No newline at end of file
 +jacksonVersion=2.17.1
++lang3Version=3.18.0
++nimbusJoseJwtVersion=10.0.2
 +logbackVersion=1.5.16
 +commonsCompressVersion=1.26.0
 +vertxVersion=4.4.8
 +nettyVersion=4.1.118.Final
 +jettyHttpVersion=12.0.12
---
-2.43.0
++beansVersion=1.11.0
+\ No newline at end of file