Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore: Prepare TX 2412 E2E Tests #101

Merged
merged 25 commits into from
Oct 18, 2024
Merged

Chore: Prepare TX 2412 E2E Tests #101

merged 25 commits into from
Oct 18, 2024

Conversation

drcgjung
Copy link
Contributor

@drcgjung drcgjung commented Oct 9, 2024

WHAT

Contains all version and dependency updates necessary to enter the E2E phase of TX/CX 2412 release.
Also checked with latest TRGs and issues around that.

WHY

We need to mitigate new CVEs and care for the TRGs.

FURTHER NOTES

Closes #91

dependabot bot and others added 25 commits February 1, 2024 05:18
@dependabot
chore(deps): bump docker/metadata-action from 5.0.0 to 5.5.1
db036b8 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.0.0 to 5.5.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@96383f4...8e5442c)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump org.apache.maven.plugins:maven-jar-plugin
23a6fd5 
Bumps [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) from 2.4 to 3.4.2.
- [Release notes](https://github.com/apache/maven-jar-plugin/releases)
- [Commits](apache/maven-jar-plugin@maven-jar-plugin-2.4...maven-jar-plugin-3.4.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-jar-plugin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump junit.version from 5.10.2 to 5.10.3
fc7aecf 
Bumps `junit.version` from 5.10.2 to 5.10.3.

Updates `org.junit:junit-bom` from 5.10.2 to 5.10.3
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit5@r5.10.2...r5.10.3)

Updates `org.junit.jupiter:junit-jupiter-params` from 5.10.2 to 5.10.3
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit5@r5.10.2...r5.10.3)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump org.apache.maven.plugins:maven-shade-plugin
6e01a9e 
Bumps [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/apache/maven-shade-plugin/releases)
- [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.5.0...maven-shade-plugin-3.6.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-shade-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump actions/cache from 4.0.1 to 4.0.2
27fa94d 
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@ab5e6d0...0c45773)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin
30ed878 
Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.3.1 to 3.5.0.
- [Commits](apache/maven-checkstyle-plugin@maven-checkstyle-plugin-3.3.1...maven-checkstyle-plugin-3.5.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump actions/setup-python from 5.1.0 to 5.2.0
031b6e6 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@82c7e63...f677139)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump actions/checkout from 4.1.1 to 4.2.0
7c3b3b4 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@b4ffde6...d632683)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump org.mockito:mockito-bom from 5.2.0 to 5.14.1
6b6e965 
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.2.0 to 5.14.1.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.2.0...v5.14.1)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump github/codeql-action from 2.22.6 to 3.26.11
c95b39e 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.6 to 3.26.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2.22.6...6db8d63)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@drcgjung
chore: upgrade java reference version.
55b1d95
@drcgjung
Merge remote-tracking branch 'origin/dependabot/maven/main/org.mockit…
acc4f0c 
…o-mockito-bom-5.14.1' into feature/2412-release
@drcgjung
Merge remote-tracking branch 'origin/dependabot/github_actions/main/a…
f41f5b8 
…ctions/checkout-4.2.0' into feature/2412-release
@drcgjung
chore: upgrade some versions because of CVEs
a26078e
@drcgjung
Merge remote-tracking branch 'origin/dependabot/github_actions/main/a…
217879e 
…ctions/setup-python-5.2.0' into feature/2412-release
@drcgjung
Merge remote-tracking branch 'origin/dependabot/maven/main/org.apache…
3096710 
….maven.plugins-maven-checkstyle-plugin-3.5.0' into feature/2412-release
@drcgjung
Merge remote-tracking branch 'origin/dependabot/github_actions/main/a…
1948b1d 
…ctions/cache-4.0.2' into feature/2412-release
@drcgjung
Merge remote-tracking branch 'origin/dependabot/maven/main/junit.vers…
feb7f86 
…ion-5.10.3' into feature/2412-release
@drcgjung
Merge remote-tracking branch 'origin/dependabot/maven/main/org.apache…
d45eede 
….maven.plugins-maven-shade-plugin-3.6.0' into feature/2412-release
@drcgjung
Merge remote-tracking branch 'origin/dependabot/maven/main/org.apache…
a92ea78 
….maven.plugins-maven-jar-plugin-3.4.2' into feature/2412-release
@drcgjung
Merge remote-tracking branch 'origin/dependabot/github_actions/main/d…
90bb43e 
…ocker/metadata-action-5.5.1' into feature/2412-release
@drcgjung
chore: upgrade release/chart version
88e14d0
@drcgjung
chore: upgrade some versions and deps.
ec40dca
@drcgjung
chore: up deps.
2c1879e
@drcgjung
chore: add secret scanning workflow.
505c4f0
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 9, 2024
View reviewed changes
.github/workflows/trufflehog.yml

- name: TruffleHog OSS
id: trufflehog
uses: trufflesecurity/trufflehog@main

Check warning

Code scanning / KICS

Unpinned Actions Full Length Commit SHA Warning

Action is not pinned to a full length commit SHA.
almadigabor
almadigabor approved these changes Oct 18, 2024
View reviewed changes
Copy link
Contributor

@almadigabor almadigabor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@almadigabor almadigabor merged commit fb8374c into eclipse-tractusx:main Oct 18, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@almadigabor almadigabor almadigabor approved these changes

@obalandi obalandi Awaiting requested review from obalandi

Assignees

@almadigabor almadigabor

Labels
None yet
Projects
Knowledge Agent Kanban Board
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Trufflehog Update] Add Trufflehog secret scanning workflow
2 participants
@drcgjung @almadigabor