From 81b724c72d7a9db751e5231bf28c1d296afdb836 Mon Sep 17 00:00:00 2001 From: Particular Bot Date: Mon, 18 Mar 2024 08:43:26 -0500 Subject: [PATCH] CVE-2022-48282: Bump MongoDB.Driver to non-vulnerable version (#603) * Updates for .NET 8 * Bump minimum MongoDB client version * Update mongodb action --------- Co-authored-by: internalautomation[bot] <85681268+internalautomation[bot]@users.noreply.github.com> Co-authored-by: David Boike Co-authored-by: Daniel Marbach --- .github/workflows/ci.yml | 14 +++++++++----- .github/workflows/release.yml | 14 +++++++++----- ...rviceBus.Storage.MongoDB.AcceptanceTests.csproj | 10 +++++----- ...Bus.Storage.MongoDB.NoTx.AcceptanceTests.csproj | 10 +++++----- ...viceBus.Storage.MongoDB.PersistenceTests.csproj | 10 +++++----- .../NServiceBus.Storage.MongoDB.Tests.csproj | 10 +++++----- ...oDB.TransactionalSession.AcceptanceTests.csproj | 10 +++++----- ...orage.MongoDB.TransactionalSession.Tests.csproj | 8 ++++---- .../NServiceBus.Storage.MongoDB.csproj | 2 +- 9 files changed, 48 insertions(+), 40 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3d24f88d..bb523d6a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,6 +8,9 @@ on: workflow_dispatch: env: DOTNET_NOLOGO: true +defaults: + run: + shell: pwsh jobs: build: name: ${{ matrix.name }} @@ -22,29 +25,30 @@ jobs: fail-fast: false steps: - name: Checkout - uses: actions/checkout@v3.2.0 + uses: actions/checkout@v4.1.1 with: fetch-depth: 0 - name: Setup .NET SDK - uses: actions/setup-dotnet@v3.0.3 + uses: actions/setup-dotnet@v4.0.0 with: dotnet-version: | + 8.0.x 7.0.x 6.0.x - name: Build run: dotnet build src --configuration Release - name: Upload packages if: matrix.name == 'Windows' - uses: actions/upload-artifact@v3.1.1 + uses: actions/upload-artifact@v4.3.1 with: name: NuGet packages path: nugets/ retention-days: 7 - name: Setup MongoDB Server - uses: Particular/setup-mongodb-action@v1.3.0 + uses: Particular/setup-mongodb-action@v1.4.0 with: connection-string-name: NServiceBusStorageMongoDB_ConnectionString mongodb-port: 27018 mongodb-replica-set: tr0 - name: Run tests - uses: Particular/run-tests-action@v1.4.0 + uses: Particular/run-tests-action@v1.7.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 024c7b38..018afa75 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,18 +6,21 @@ on: - '[0-9]+.[0-9]+.[0-9]+-*' env: DOTNET_NOLOGO: true +defaults: + run: + shell: pwsh jobs: release: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.2.0 + uses: actions/checkout@v4.1.1 with: fetch-depth: 0 - name: Setup .NET SDK - uses: actions/setup-dotnet@v3.0.3 + uses: actions/setup-dotnet@v4.0.0 with: - dotnet-version: 7.0.x + dotnet-version: 8.0.x - name: Build run: dotnet build src --configuration Release - name: Sign NuGet packages @@ -28,13 +31,14 @@ jobs: client-secret: ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }} certificate-name: ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }} - name: Publish artifacts - uses: actions/upload-artifact@v3.1.1 + uses: actions/upload-artifact@v4.3.1 with: name: nugets path: nugets/* retention-days: 1 - name: Deploy - uses: Particular/push-octopus-package-action@v1.0.0 + # Does not follow standard practice of targeting explicit versions because configuration is tightly coupled to Octopus Deploy configuration + uses: Particular/push-octopus-package-action@main with: octopus-deploy-api-key: ${{ secrets.OCTOPUS_DEPLOY_API_KEY }} diff --git a/src/NServiceBus.Storage.MongoDB.AcceptanceTests/NServiceBus.Storage.MongoDB.AcceptanceTests.csproj b/src/NServiceBus.Storage.MongoDB.AcceptanceTests/NServiceBus.Storage.MongoDB.AcceptanceTests.csproj index 8d12885a..8d88ba9e 100644 --- a/src/NServiceBus.Storage.MongoDB.AcceptanceTests/NServiceBus.Storage.MongoDB.AcceptanceTests.csproj +++ b/src/NServiceBus.Storage.MongoDB.AcceptanceTests/NServiceBus.Storage.MongoDB.AcceptanceTests.csproj @@ -1,7 +1,7 @@  - net472;net6.0;net7.0 + net481;net6.0;net7.0;net8.0 @@ -9,11 +9,11 @@ - - + + - - + + diff --git a/src/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests.csproj b/src/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests.csproj index 8d12885a..8d88ba9e 100644 --- a/src/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests.csproj +++ b/src/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests.csproj @@ -1,7 +1,7 @@  - net472;net6.0;net7.0 + net481;net6.0;net7.0;net8.0 @@ -9,11 +9,11 @@ - - + + - - + + diff --git a/src/NServiceBus.Storage.MongoDB.PersistenceTests/NServiceBus.Storage.MongoDB.PersistenceTests.csproj b/src/NServiceBus.Storage.MongoDB.PersistenceTests/NServiceBus.Storage.MongoDB.PersistenceTests.csproj index f944eccb..73decadb 100644 --- a/src/NServiceBus.Storage.MongoDB.PersistenceTests/NServiceBus.Storage.MongoDB.PersistenceTests.csproj +++ b/src/NServiceBus.Storage.MongoDB.PersistenceTests/NServiceBus.Storage.MongoDB.PersistenceTests.csproj @@ -1,7 +1,7 @@  - net472;net6.0;net7.0 + net481;net6.0;net7.0;net8.0 @@ -9,11 +9,11 @@ - - + + - - + + diff --git a/src/NServiceBus.Storage.MongoDB.Tests/NServiceBus.Storage.MongoDB.Tests.csproj b/src/NServiceBus.Storage.MongoDB.Tests/NServiceBus.Storage.MongoDB.Tests.csproj index 66600367..a46c8dd1 100644 --- a/src/NServiceBus.Storage.MongoDB.Tests/NServiceBus.Storage.MongoDB.Tests.csproj +++ b/src/NServiceBus.Storage.MongoDB.Tests/NServiceBus.Storage.MongoDB.Tests.csproj @@ -1,7 +1,7 @@  - net472;net6.0;net7.0 + net481;net6.0;net7.0;net8.0 10.0 @@ -10,12 +10,12 @@ - - + + - - + + diff --git a/src/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests.csproj b/src/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests.csproj index a234563d..c81a4edf 100644 --- a/src/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests.csproj +++ b/src/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests.csproj @@ -1,19 +1,19 @@  - net472;net6.0;net7.0 + net481;net6.0;net7.0;net8.0 10.0 NServiceBus.TransactionalSession.AcceptanceTests - - + + - - + + diff --git a/src/NServiceBus.Storage.MongoDB.TransactionalSession.Tests/NServiceBus.Storage.MongoDB.TransactionalSession.Tests.csproj b/src/NServiceBus.Storage.MongoDB.TransactionalSession.Tests/NServiceBus.Storage.MongoDB.TransactionalSession.Tests.csproj index 535d3a8e..67ad994e 100644 --- a/src/NServiceBus.Storage.MongoDB.TransactionalSession.Tests/NServiceBus.Storage.MongoDB.TransactionalSession.Tests.csproj +++ b/src/NServiceBus.Storage.MongoDB.TransactionalSession.Tests/NServiceBus.Storage.MongoDB.TransactionalSession.Tests.csproj @@ -1,14 +1,14 @@  - net472;net6.0;net7.0 + net481;net6.0;net7.0;net8.0 10.0 - - - + + + diff --git a/src/NServiceBus.Storage.MongoDB/NServiceBus.Storage.MongoDB.csproj b/src/NServiceBus.Storage.MongoDB/NServiceBus.Storage.MongoDB.csproj index bc18d91c..08b32de5 100644 --- a/src/NServiceBus.Storage.MongoDB/NServiceBus.Storage.MongoDB.csproj +++ b/src/NServiceBus.Storage.MongoDB/NServiceBus.Storage.MongoDB.csproj @@ -6,7 +6,7 @@ - +