[Snyk] Security upgrade com.google.http-client:google-http-client-jackson2 from 1.42.3 to 1.45.0 #9242
base: main
…8483) * fix(jans-cli-tui): retrieve access_token_signing_alg_values_supported from auth server Signed-off-by: Mustafa Baser <[email protected]> * feat(jans-cli-tui): Transaction Token properties for clients Signed-off-by: Mustafa Baser <[email protected]> --------- Signed-off-by: Mustafa Baser <[email protected]>
Fix indentation for JAVA_OPTIONS in deployments. Signed-off-by: saernz <[email protected]> Co-authored-by: saernz <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]>
…3547864782656a to 31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 (#8472) chore(deps): bump dorny/test-reporter Bumps [dorny/test-reporter](https://github.com/dorny/test-reporter) from 1e3a380fe6f25600635b111ddb3547864782656a to 31a54ee7ebcacc03a09ea97a7e5465a47b84aea5. - [Release notes](https://github.com/dorny/test-reporter/releases) - [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md) - [Commits](dorny/test-reporter@1e3a380...31a54ee) --- updated-dependencies: - dependency-name: dorny/test-reporter dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <[email protected]>
* feat(cloud-native): add support for keycloak scheduler Signed-off-by: iromli <[email protected]> * feat(cloud-native): add configurable logging Signed-off-by: iromli <[email protected]> * feat: add charts for kc-scheduler Signed-off-by: iromli <[email protected]> * refactor(cloud-native): simplify logging configuration for job Signed-off-by: iromli <[email protected]> * chore: add symlink to main entrypoint.sh Signed-off-by: iromli <[email protected]> * ci: add docker-jans-kc-scheduler to workflow and dependabot list Signed-off-by: iromli <[email protected]> * docs: add docker-jans-kc-scheduler docs Signed-off-by: iromli <[email protected]> * fix: add missing HostAliases for Helm charts Signed-off-by: iromli <[email protected]> * fix: add hostAliases only if FQDN not registered Signed-off-by: iromli <[email protected]> * fix: enable FILE appender-ref to avoid logback status warning Signed-off-by: iromli <[email protected]> * chore: update kc-jans-scheduler Signed-off-by: iromli <[email protected]> * docs: update reference to docker-jans-kc-scheduler docs Signed-off-by: iromli <[email protected]> * fix(charts): ensure kc-scheduler cronjob is enabled only when kc-scheduler and saml are enabled Signed-off-by: iromli <[email protected]> --------- Signed-off-by: iromli <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]>
* chore(deps): bump docker/build-push-action from 5.1.0 to 5.3.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.1.0 to 5.3.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@4a13e50...2cdde99) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * ci: docker_build_image.yml Signed-off-by: Mohammad Abudayyeh <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Mohammad Abudayyeh <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <[email protected]>
…ll-in-one/app (#8434) chore(deps): bump marshmallow in /docker-jans-all-in-one/app Bumps [marshmallow](https://github.com/marshmallow-code/marshmallow) from 3.21.1 to 3.21.2. - [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst) - [Commits](marshmallow-code/marshmallow@3.21.1...3.21.2) --- updated-dependencies: - dependency-name: marshmallow dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <[email protected]>
…onfigurator (#8435) chore(deps): bump marshmallow in /docker-jans-configurator Bumps [marshmallow](https://github.com/marshmallow-code/marshmallow) from 3.21.1 to 3.21.2. - [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst) - [Commits](marshmallow-code/marshmallow@3.21.1...3.21.2) --- updated-dependencies: - dependency-name: marshmallow dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <[email protected]>
) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.6.1 to 2.7.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@eb238b5...a4aa98b) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
test: fix docker loadtesting Signed-off-by: moabu <[email protected]>
…ided (#8503) * feat(config-api): asset directory mapping logic Signed-off-by: pujavs <[email protected]> * feat(config-api): asset service path Signed-off-by: pujavs <[email protected]> * feat(config-api): asset service path Signed-off-by: pujavs <[email protected]> * fix(config-api): sync with main Signed-off-by: pujavs <[email protected]> * fix(config-api): asset mgt wip Signed-off-by: pujavs <[email protected]> * feat(config-api): asset mgt service changes Signed-off-by: pujavs <[email protected]> --------- Signed-off-by: pujavs <[email protected]>
* docs: add network traffic notes * docs: add network traffic notes Signed-off-by: Amro Misbah <[email protected]> * docs: add external communication Signed-off-by: Amro Misbah <[email protected]> * docs: add jans-saml instructions Signed-off-by: Amro Misbah <[email protected]> * docs: postgres backend option Signed-off-by: Amro Misbah <[email protected]> --------- Signed-off-by: Amro Misbah <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]>
…ec (#8471) * feat(jans-auth-server): upgrade tx_token implementation to latest spec #7903 Signed-off-by: YuriyZ <[email protected]> * feat(jans-auth-server): token type update #7903 Signed-off-by: YuriyZ <[email protected]> * feat(jans-auth-server): added convenient base64url decode method #7903 Signed-off-by: YuriyZ <[email protected]> * feat(jans-auth-server): added token_type=N_A #7903 Signed-off-by: YuriyZ <[email protected]> * feat(jans-auth-server): updated transaction token tests #7903 Signed-off-by: YuriyZ <[email protected]> * feat(jans-auth-server): added request context and request details to token request #7903 Signed-off-by: YuriyZ <[email protected]> * feat(jans-auth-server): corrected docs according to latest tx token spec #7903 Signed-off-by: YuriyZ <[email protected]> --------- Signed-off-by: YuriyZ <[email protected]>
fix: update how external uids are retrieved #8478 Signed-off-by: jgomer2001 <[email protected]>
fix: update authenticate method for step 1 #8480 Signed-off-by: jgomer2001 <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]>
Signed-off-by: shekhar16 <[email protected]>
* fix(config-api): removing not used dependency Signed-off-by: pujavs <[email protected]> * fix(config-api): removing not used dependency Signed-off-by: pujavs <[email protected]> * fix(config-api): resolve conflict Signed-off-by: pujavs <[email protected]> --------- Signed-off-by: pujavs <[email protected]>
* chore: update chore image used Signed-off-by: moabu <[email protected]> * fix: enforce python libs installation without using venv Signed-off-by: iromli <[email protected]> * ci: fix loadtest image Signed-off-by: moabu <[email protected]> --------- Signed-off-by: moabu <[email protected]> Signed-off-by: iromli <[email protected]> Co-authored-by: iromli <[email protected]>
Signed-off-by: iromli <[email protected]>
…ovided (#8511) * feat(cloud-native): save asset on server based on the service list provided Signed-off-by: iromli <[email protected]> * chore: update assets and artifacts Signed-off-by: iromli <[email protected]> * chore: remove unused dependencies Signed-off-by: iromli <[email protected]> --------- Signed-off-by: iromli <[email protected]>
…wt and as separate attribute in persistence #8512 (#8516) * feat(jans-auth-server): added short uuid with length = 22 #8512 Signed-off-by: YuriyZ <[email protected]> * feat(jans-auth-server): added reference_id to token schema #8512 Signed-off-by: YuriyZ <[email protected]> * feat(jans-auth-server): propagate reference_id to token and grant objects #8512 Signed-off-by: YuriyZ <[email protected]> * feat(jans-auth-server): generate and keep jti in execution context #8512 Signed-off-by: YuriyZ <[email protected]> --------- Signed-off-by: YuriyZ <[email protected]>
Signed-off-by: shekhar16 <[email protected]>
…for new fields (#8530) * fix(config-api): user attribute validation error handling Signed-off-by: pujavs <[email protected]> * fix(config-api): user attribute validation error handling Signed-off-by: pujavs <[email protected]> * fix(config-api): user attribute validation error handling Signed-off-by: pujavs <[email protected]> * fix: added new IDP attributes Signed-off-by: pujavs <[email protected]> * fix: added new IDP attributes Signed-off-by: pujavs <[email protected]> * fix(config-api): idp default values set Signed-off-by: pujavs <[email protected]> * fix(config-api): idp metadata default values issue#8384 Signed-off-by: pujavs <[email protected]> * feat: idp metadata default value and removing filepath in document-store Signed-off-by: pujavs <[email protected]> * feat: idp metadata default value and removing filepath in document-store Signed-off-by: pujavs <[email protected]> * fix: assetmgt and idp changes Signed-off-by: pujavs <[email protected]> * fix: assetmgt and idp changes Signed-off-by: pujavs <[email protected]> --------- Signed-off-by: pujavs <[email protected]>
…encies (#8544) * docs: install `mkdocs-include-markdown-plugin` along with dependencies Signed-off-by: ossdhaval <[email protected]> * docs: put dependencies in correct category Signed-off-by: ossdhaval <[email protected]> * docs: add the `mkdocs-include-markdown-plugin` to the mkdocs config Signed-off-by: ossdhaval <[email protected]> --------- Signed-off-by: ossdhaval <[email protected]>
* fix(config-api): user attribute validation error handling Signed-off-by: pujavs <[email protected]> * fix(config-api): user attribute validation error handling Signed-off-by: pujavs <[email protected]> * fix(config-api): user attribute validation error handling Signed-off-by: pujavs <[email protected]> * fix: added new IDP attributes Signed-off-by: pujavs <[email protected]> * fix: added new IDP attributes Signed-off-by: pujavs <[email protected]> * fix(config-api): idp default values set Signed-off-by: pujavs <[email protected]> * fix(config-api): idp metadata default values issue#8384 Signed-off-by: pujavs <[email protected]> * feat: idp metadata default value and removing filepath in document-store Signed-off-by: pujavs <[email protected]> * feat: idp metadata default value and removing filepath in document-store Signed-off-by: pujavs <[email protected]> * fix: assetmgt and idp changes Signed-off-by: pujavs <[email protected]> * fix: assetmgt and idp changes Signed-off-by: pujavs <[email protected]> * fix(config-api): validation for imp fields of asset mgt Signed-off-by: pujavs <[email protected]> --------- Signed-off-by: pujavs <[email protected]>
…8538) Signed-off-by: Mustafa Baser <[email protected]>
* feat(jans-config-api): regenerate lock swagger api Signed-off-by: Yuriy Movchan <[email protected]> * feat(jans-lock): refactor to add statistics support Signed-off-by: Yuriy Movchan <[email protected]> * feat(jans-lock): refactor code to reuse in message-hub Signed-off-by: Yuriy Movchan <[email protected]> --------- Signed-off-by: Yuriy Movchan <[email protected]> Co-authored-by: Yuriy M <[email protected]>
Signed-off-by: Mustafa Baser <[email protected]>
Signed-off-by: Yuriy Movchan <[email protected]>
…8502) * Improved Monolith behavior during restarts (see #8414) - restart (or stop then start): CMD in Dockerfile will now clean the jetty temp directory to prevent disk size grow - down then up: added scripts (down.sh and up.sh) that create a post installation image on a down and use it on a later up such that only first up runs the installation script - clean: added clean.sh script to remove all docker artifacts (allows for a fresh start) - Guidelines: Updated README.md and Guiding echoes in startjanssenmonolithdemo.sh - host mounted log files: The log files are now mounted on the host to improve access to them and being capable to delete them easily * ci: update automation script to use up script Signed-off-by: Mohammad Abudayyeh <[email protected]> * Incorporated Reviewer Requests: - rm after && in command hint - starting up in detached mode - stating bash explicitly for executing the scripts - added missing fi Signed-off-by: Markus Knecht [email protected] * Fixed mistyped names (JANNSEN -> JANSSEN) Signed-off-by: Markus Knecht <[email protected]> --------- Signed-off-by: Mohammad Abudayyeh <[email protected]> Signed-off-by: Markus Knecht [email protected] Signed-off-by: Markus Knecht <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]>
…ges #9031 (#9190) * feat(jans-auth-server): added X-Frame-Options header support to AS pages #9031 Signed-off-by: YuriyZ <[email protected]> * docs(jans-auth-server): added docs for X-Frame-Options header support #9031 Signed-off-by: YuriyZ <[email protected]> --------- Signed-off-by: YuriyZ <[email protected]>
Signed-off-by: pujavs <[email protected]>
…ytes in logs (#9143) * fix(docker-jans-config-api): calling assets API produces unreadable bytes in logs Signed-off-by: iromli <[email protected]> * chore: update jans-config-api-server Signed-off-by: iromli <[email protected]> --------- Signed-off-by: iromli <[email protected]> Signed-off-by: Isman Firmansyah <[email protected]>
fix: do not remove shared source files #9153 Signed-off-by: jgomer2001 <[email protected]>
Signed-off-by: Amro Misbah <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]>
…/benchmarking/docker-jans-loadtesting-jmeter (#9170) chore(deps): bump blazemeter/taurus Bumps blazemeter/taurus from 1.16.32 to 1.16.33. --- updated-dependencies: - dependency-name: blazemeter/taurus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <[email protected]>
Signed-off-by: YuriyZ <[email protected]>
Signed-off-by: shekhar16 <[email protected]> Co-authored-by: Dhaval D <[email protected]>
* chore(release): release 1.1.4 Signed-off-by: moabu <[email protected]> * chore: update dockerbuilds Signed-off-by: moabu <[email protected]> * fix(jans-auth): sync test file profile with setup (#9196) * feat: allow access to values stored in cache from templates (#9194) * fix(jans-auth): fix test data (#9201) * fix(jans-auth): fix test data #9201 (#9202) * fix(jans-auth): sync test file profile with setup Signed-off-by: Yuriy Movchan <[email protected]> * fix(jans-auth): sync test file profile with setup Signed-off-by: Yuriy Movchan <[email protected]> * fix(jans-auth): sync test file profile with setup Signed-off-by: Yuriy Movchan <[email protected]> --------- Signed-off-by: Yuriy Movchan <[email protected]> * fix(jans-auth-server): missed chain call in header filter (release 1.1.4) (#9206) fix(jans-auth-server): missed chain call in header filter Signed-off-by: YuriyZ <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * chore: update dockerbuilds Signed-off-by: moabu <[email protected]> * fix(jans-auth): fix test data (#9211) * fix(jans-auth): sync test file profile with setup Signed-off-by: Yuriy Movchan <[email protected]> * fix(jans-auth): sync test file profile with setup Signed-off-by: Yuriy Movchan <[email protected]> * fix(jans-auth): sync test file profile with setup Signed-off-by: Yuriy Movchan <[email protected]> --------- Signed-off-by: Yuriy Movchan <[email protected]> * docs(jans): fixing typos and wrong urls (#9210) Signed-off-by: Amro Misbah <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> --------- Signed-off-by: moabu <[email protected]> Signed-off-by: Yuriy Movchan <[email protected]> Signed-off-by: YuriyZ <[email protected]> Signed-off-by: Amro Misbah <[email protected]> Co-authored-by: Yuriy Movchan <[email protected]> Co-authored-by: Jose Gonzalez <[email protected]> Co-authored-by: YuriyZ <[email protected]> Co-authored-by: Amro Misbah <[email protected]>
Signed-off-by: moabu <[email protected]>
chore: release 1.1.5 SNAPSHOT Signed-off-by: moabu <[email protected]>
* feat: parameterize acr for casa #8848 Signed-off-by: jgomer2001 <[email protected]> * chore: remove wrong annotation #8848 Signed-off-by: jgomer2001 <[email protected]> --------- Signed-off-by: jgomer2001 <[email protected]>
* chore: remove unmaintained SMPP extension #8846 Signed-off-by: jgomer2001 <[email protected]> * chore: misc updates #8848 Signed-off-by: jgomer2001 <[email protected]> * feat: add module with agama project #8846 --------- Signed-off-by: jgomer2001 <[email protected]>
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538
DryRun Security Summary: The provided code change updates the
Summary: The provided code change is an update to the
Files Changed:
Code Analysis: We ran
Riskiness: 🟢 Risk threshold not exceeded.
fe6982c to 87b2fb1
87b2fb1 to c5ddb6b
Snyk has created this PR to fix 1 vulnerability in the Maven dependencies of this project.
Snyk changed the following file(s):
jans-auth-server/common/pom.xml
Vulnerabilities that will be fixed with an upgrade:
SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538: 1.42.3 -> 1.45.0, No Known Exploit
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Denial of Service (DoS)