From f6d1eeb508f98995031bce7f68a7880f16c541ab Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 11:29:27 +0200 Subject: [PATCH 01/10] chore(deps):[#463] Bump io.minio:minio to 8.5.9 --- irs-api/pom.xml | 4 ---- irs-common/pom.xml | 4 ---- irs-policy-store/pom.xml | 4 ---- pom.xml | 18 +----------------- 4 files changed, 1 insertion(+), 29 deletions(-) diff --git a/irs-api/pom.xml b/irs-api/pom.xml index 523462d8de..049bd3a511 100644 --- a/irs-api/pom.xml +++ b/irs-api/pom.xml @@ -46,10 +46,6 @@ io.minio minio - - org.xerial.snappy - snappy-java - com.squareup.okhttp3 okhttp diff --git a/irs-common/pom.xml b/irs-common/pom.xml index 3264382522..000443b682 100644 --- a/irs-common/pom.xml +++ b/irs-common/pom.xml @@ -67,10 +67,6 @@ io.minio minio - - org.xerial.snappy - snappy-java - com.squareup.okio okio-jvm diff --git a/irs-policy-store/pom.xml b/irs-policy-store/pom.xml index ca68a217c8..d4f129367c 100644 --- a/irs-policy-store/pom.xml +++ b/irs-policy-store/pom.xml @@ -38,10 +38,6 @@ io.minio minio - - org.xerial.snappy - snappy-java - org.springframework.boot spring-boot-starter-security diff --git a/pom.xml b/pom.xml index 899ad7b3bf..ea85514358 100644 --- a/pom.xml +++ b/pom.xml @@ -83,7 +83,7 @@ 2.36.1 3.9.5 2.1.0 - 8.5.6 + 8.5.9 5.4.0 4.2.0 1.5.1 @@ -136,22 +136,6 @@ io.minio minio ${minio.version} - - - org.bouncycastle - bcprov-jdk15on - - - snappy-java - org.xerial.snappy - - - - - - org.xerial.snappy - snappy-java - ${snappy-java.version} From 513b00b15eb766a821d4c5f1adc968998d546a31 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 11:30:26 +0200 Subject: [PATCH 02/10] chore(deps):[#463] Manually update org.apache.commons:commons-compress to 1.26.1 --- irs-testing/pom.xml | 12 ++++++++++++ pom.xml | 1 + 2 files changed, 13 insertions(+) diff --git a/irs-testing/pom.xml b/irs-testing/pom.xml index 7370be9eca..1f6821218c 100644 --- a/irs-testing/pom.xml +++ b/irs-testing/pom.xml 
@@ -103,6 +103,18 @@ org.testcontainers testcontainers + + + commons-compress + org.apache.commons + + + + + + org.apache.commons + commons-compress + ${commons-compress.version} org.testcontainers diff --git a/pom.xml b/pom.xml index ea85514358..da33f6f13c 100644 --- a/pom.xml +++ b/pom.xml @@ -123,6 +123,7 @@ 3.1.0 1.1.0 1.1.10.5 + 1.26.1 From ae60c03e69d1442ed5a5742102e8217d3fb689fc Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 13:52:28 +0200 Subject: [PATCH 03/10] chore(deps):[#463] Update dependencies --- DEPENDENCIES | 81 ++++++++++++++++++++++++++++------------------------ pom.xml | 22 +++++++------- 2 files changed, 55 insertions(+), 48 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 11b5ddd80f..4eafbb6309 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
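Review bot: The commons-compress pin in irs-testing/pom.xml appears to cover only the copy that testcontainers brings in, because it is written as an exclusion on that one dependency plus a direct dependency in this module. Any other module that resolves commons-compress transitively keeps the version its own tree selects; the DEPENDENCIES update in the next commit of this series lists both 1.26.0 and 1.26.1, which suggests that is already happening. Managing the artifact once in the parent pom's `<dependencyManagement>` with `<version>${commons-compress.version}</version>` would apply the same version to every module and make the exclusion unnecessary. A short comment next to the pin naming the advisory behind the manual bump would also tell maintainers when it can be removed.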
@@ -11,15 +11,15 @@ maven/mavencentral/com.apicatalog/titanium-json-ld/1.3.2, Apache-2.0, approved,
 maven/mavencentral/com.carrotsearch.thirdparty/simple-xml-safe/2.7.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.damnhandy/handy-uri-templates/2.1.8, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.eatthepath/fast-uuid/0.2.0, MIT, approved, clearlydefined
-maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.2, Apache-2.0, approved, #7947
 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.4, Apache-2.0, approved, #7947
-maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.15.2, MIT AND Apache-2.0, approved, #7932
+maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.16.1, Apache-2.0, approved, #11606
 maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.15.4, MIT AND Apache-2.0, approved, #7932
+maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.16.1, Apache-2.0 AND MIT, approved, #11602
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.1, Apache-2.0, approved, #7934
-maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.2, Apache-2.0, approved, #7934
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.4, Apache-2.0, approved, #7934
-maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.1, Apache-2.0, approved, #8802
+maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.16.1, Apache-2.0, approved, #11605
 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.4, Apache-2.0, approved, #8802
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.16.2, Apache-2.0, approved, #11855
 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.15.2, Apache-2.0, approved, #9179
 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.15.4, Apache-2.0, approved, #9179
 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.15.4, Apache-2.0, approved, #8808
@@ -30,19 +30,19 @@ maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2
 maven/mavencentral/com.fasterxml/classmate/1.5.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.8, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.github.docker-java/docker-java-api/3.3.0, Apache-2.0, approved, #10346
-maven/mavencentral/com.github.docker-java/docker-java-api/3.3.3, Apache-2.0, approved, #10346
+maven/mavencentral/com.github.docker-java/docker-java-api/3.3.6, Apache-2.0, approved, #10346
 maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946
-maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.3, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946
+maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946
 maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.0, Apache-2.0, approved, #7942
-maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.3, Apache-2.0, approved, #7942
+maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.6, Apache-2.0, approved, #7942
 maven/mavencentral/com.github.mifmif/generex/1.0.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.github.scopt/scopt_2.13/3.7.1, MIT, approved, clearlydefined
 maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, CQ21949
 maven/mavencentral/com.google.code.findbugs/jsr305/3.0.2, Apache-2.0, approved, #20
-maven/mavencentral/com.google.errorprone/error_prone_annotations/2.18.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.google.errorprone/error_prone_annotations/2.21.1, Apache-2.0, approved, #9834
-maven/mavencentral/com.google.guava/failureaccess/1.0.1, Apache-2.0, approved, CQ22654
-maven/mavencentral/com.google.guava/guava/32.0.1-jre, Apache-2.0 AND CC0-1.0 AND CC-PDDC, approved, #8772
+maven/mavencentral/com.google.errorprone/error_prone_annotations/2.23.0, Apache-2.0, approved, #11083
+maven/mavencentral/com.google.guava/failureaccess/1.0.2, Apache-2.0, approved, CQ22654
+maven/mavencentral/com.google.guava/guava/33.0.0-jre, Apache-2.0 AND CC0-1.0, approved, #12173
 maven/mavencentral/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava, Apache-2.0, approved, CQ22657
 maven/mavencentral/com.google.j2objc/j2objc-annotations/2.8, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.ibm.icu/icu4j/74.2, , approved, #11936
@@ -55,7 +55,9 @@ maven/mavencentral/com.softwaremill.quicklens/quicklens_2.13/1.9.3, Apache-2.0,
 maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.10.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.11.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.squareup.okhttp3/okhttp/4.10.0, Apache-2.0 AND MPL-2.0, approved, #3057
+maven/mavencentral/com.squareup.okhttp3/okhttp/4.12.0, Apache-2.0, approved, #11156
 maven/mavencentral/com.squareup.okio/okio-jvm/3.5.0, Apache-2.0, approved, #9851
+maven/mavencentral/com.squareup.okio/okio/3.6.0, Apache-2.0, approved, #11155
 maven/mavencentral/com.tdunning/t-digest/3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.typesafe.akka/akka-actor_2.13/2.6.20, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.typesafe.akka/akka-slf4j_2.13/2.6.20, Apache-2.0, approved, clearlydefined
@@ -65,11 +67,14 @@ maven/mavencentral/com.vaadin.external.google/android-json/0.0.20131108.vaadin1,
 maven/mavencentral/com.vdurmont/semver4j/3.1.0, MIT, approved, clearlydefined
 maven/mavencentral/commons-beanutils/commons-beanutils/1.9.4, Apache-2.0, approved, CQ12654
 maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause AND LicenseRef-Public-Domain, approved, CQ22641
+maven/mavencentral/commons-codec/commons-codec/1.16.1, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #9157
 maven/mavencentral/commons-collections/commons-collections/3.2.2, Apache-2.0, approved, CQ10385
 maven/mavencentral/commons-digester/commons-digester/2.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/commons-io/commons-io/2.14.0, Apache-2.0, approved, #10768
+maven/mavencentral/commons-io/commons-io/2.15.1, Apache-2.0, approved, #11244
+maven/mavencentral/commons-io/commons-io/2.16.1, Apache-2.0, approved, #14190
 maven/mavencentral/commons-logging/commons-logging/1.2, Apache-2.0, approved, CQ10162
-maven/mavencentral/commons-validator/commons-validator/1.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/commons-logging/commons-logging/1.3.0, Apache-2.0, approved, #11783
+maven/mavencentral/commons-validator/commons-validator/1.8.0, Apache-2.0, approved, #11891
 maven/mavencentral/dev.failsafe/failsafe-okhttp/3.3.2, Apache-2.0, approved, #9178
 maven/mavencentral/dev.failsafe/failsafe/3.3.2, Apache-2.0, approved, #9268
 maven/mavencentral/dk.brics.automaton/automaton/1.11-8, BSD-2-Clause, approved, clearlydefined
@@ -129,7 +134,7 @@ maven/mavencentral/io.micrometer/micrometer-commons/1.11.10, Apache-2.0 AND (Apa
 maven/mavencentral/io.micrometer/micrometer-core/1.11.10, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9238
 maven/mavencentral/io.micrometer/micrometer-observation/1.11.10, Apache-2.0, approved, #9242
 maven/mavencentral/io.micrometer/micrometer-registry-prometheus/1.11.4, Apache-2.0, approved, #9805
-maven/mavencentral/io.minio/minio/8.5.6, Apache-2.0, approved, #9097
+maven/mavencentral/io.minio/minio/8.5.9, Apache-2.0, approved, #9097
 maven/mavencentral/io.netty.incubator/netty-incubator-transport-classes-io_uring/0.0.21.Final, Apache-2.0, approved, #9622
 maven/mavencentral/io.netty.incubator/netty-incubator-transport-native-io_uring/0.0.21.Final, GPL-2.0-only WITH Linux-syscall-note OR MIT AND Apache-2.0 AND MIT, approved, #9649
 maven/mavencentral/io.netty/netty-buffer/4.1.107.Final, Apache-2.0, approved, CQ21842
@@ -170,10 +175,10 @@ maven/mavencentral/io.rest-assured/rest-assured/5.4.0, Apache-2.0, approved, #12
 maven/mavencentral/io.rest-assured/xml-path/5.3.2, Apache-2.0, approved, #9267
 maven/mavencentral/io.rest-assured/xml-path/5.4.0, Apache-2.0, approved, #12038
 maven/mavencentral/io.suzaku/boopickle_2.13/1.3.3, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.15, Apache-2.0, approved, #5947
-maven/mavencentral/io.swagger.core.v3/swagger-annotations/2.2.16, Apache-2.0, approved, #11362
-maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.15, Apache-2.0, approved, #5929
-maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.15, Apache-2.0, approved, #5919
+maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.21, Apache-2.0, approved, #5947
+maven/mavencentral/io.swagger.core.v3/swagger-annotations/2.2.18, Apache-2.0, approved, #11362
+maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.21, Apache-2.0, approved, #5929
+maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.21, Apache-2.0, approved, #5919
 maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.3, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
 maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, ee4j.cdi
@@ -191,22 +196,24 @@ maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.12, Apache-2.0, approved,
 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.4, Apache-2.0, approved, #7164
 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.21, Apache-2.0 AND BSD-3-Clause, approved, #1811
 maven/mavencentral/net.bytebuddy/byte-buddy/1.14.12, Apache-2.0 AND BSD-3-Clause, approved, #7163
-maven/mavencentral/net.datafaker/datafaker/1.9.0, Apache-2.0, approved, #8797
+maven/mavencentral/net.datafaker/datafaker/2.1.0, , restricted, clearlydefined
 maven/mavencentral/net.debasishg/redisclient_2.13/3.42, Apache-2.0, approved, clearlydefined
 maven/mavencentral/net.java.dev.jna/jna/5.12.1, Apache-2.0 OR LGPL-2.1-or-later, approved, #3217
-maven/mavencentral/net.javacrumbs.json-unit/json-unit-assertj/2.36.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/net.javacrumbs.json-unit/json-unit-core/2.36.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/net.javacrumbs.json-unit/json-unit-json-path/2.36.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #6709
+maven/mavencentral/net.javacrumbs.json-unit/json-unit-assertj/3.2.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/net.javacrumbs.json-unit/json-unit-core/3.2.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/net.javacrumbs.json-unit/json-unit-json-path/3.2.7, Apache-2.0, approved, clearlydefined
 maven/mavencentral/net.jimblackler.jsonschemafriend/core/0.12.4, Apache-2.0, approved, #10911
 maven/mavencentral/net.jimblackler.jsonschemafriend/extra/0.12.4, Apache-2.0, approved, #10910
 maven/mavencentral/net.jimblackler/jsonschemafriend/0.12.4, Apache-2.0, approved, #10912
 maven/mavencentral/net.jodah/typetools/0.6.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/net.minidev/accessors-smart/2.4.11, Apache-2.0, approved, #7515
-maven/mavencentral/net.minidev/accessors-smart/2.4.9, Apache-2.0, approved, #7515
-maven/mavencentral/net.minidev/json-smart/2.4.10, Apache-2.0, approved, #3288
+maven/mavencentral/net.minidev/accessors-smart/2.5.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/net.minidev/json-smart/2.4.11, Apache-2.0, approved, #3288
+maven/mavencentral/net.minidev/json-smart/2.5.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/net.sf.saxon/Saxon-HE/10.6, MPL-2.0 AND W3C, approved, #7945
-maven/mavencentral/org.apache.commons/commons-compress/1.24.0, Apache-2.0 AND BSD-3-Clause AND bzip2-1.0.6 AND LicenseRef-Public-Domain, approved, #10368
+maven/mavencentral/org.apache.commons/commons-compress/1.26.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #13288
+maven/mavencentral/org.apache.commons/commons-compress/1.26.1, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #13288
 maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.apache.commons/commons-pool2/2.11.1, Apache-2.0, approved, CQ23795
 maven/mavencentral/org.apache.groovy/groovy-json/4.0.20, Apache-2.0, approved, #7411
@@ -228,12 +235,12 @@ maven/mavencentral/org.aspectj/aspectjweaver/1.9.21, Apache-2.0 AND BSD-3-Clause
 maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, approved, #6161
 maven/mavencentral/org.awaitility/awaitility/4.2.0, Apache-2.0, approved, #14178
 maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.76, MIT, approved, #9825
-maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.74, MIT AND CC0-1.0, approved, #9091
 maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.76, MIT AND CC0-1.0, approved, #9827
+maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.77, MIT AND CC0-1.0, approved, #11595
 maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.76, MIT, approved, #9828
 maven/mavencentral/org.ccil.cowan.tagsoup/tagsoup/1.2.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined
 maven/mavencentral/org.checkerframework/checker-qual/3.37.0, MIT, approved, clearlydefined
+maven/mavencentral/org.checkerframework/checker-qual/3.41.0, MIT, approved, #12032
 maven/mavencentral/org.eclipse.edc/aggregate-service-spi/0.2.1, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/asset-spi/0.2.1, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/catalog-spi/0.2.1, Apache-2.0, approved, technology.edc
@@ -371,11 +378,11 @@ maven/mavencentral/org.jboss.logging/jboss-logging/3.4.3.Final, Apache-2.0, appr
 maven/mavencentral/org.jboss.logging/jboss-logging/3.5.3.Final, Apache-2.0, approved, #9471
 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.8.22, Apache-2.0, approved, #8910
 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.9.0, Apache-2.0, approved, #14186
+maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.21, Apache-2.0, approved, #8807
 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.22, Apache-2.0, approved, #8807
-maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.9.0, Apache-2.0, approved, #14193
+maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.21, Apache-2.0, approved, #8919
 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.22, Apache-2.0, approved, #8875
-maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.9.0, Apache-2.0, approved, #14191
-maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.6.20, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.21, Apache-2.0, approved, #8865
 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.22, Apache-2.0, approved, #8865
 maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined
@@ -384,7 +391,7 @@ maven/mavencentral/org.jodd/jodd-lagarto/6.0.6, BSD-2-Clause, approved, clearlyd
 maven/mavencentral/org.jodd/jodd-util/6.1.0, BSD-2-Clause, approved, clearlydefined
 maven/mavencentral/org.jruby.jcodings/jcodings/1.0.58, MIT, approved, CQ10635
 maven/mavencentral/org.jruby.joni/joni/2.2.1, MIT, approved, #8771
-maven/mavencentral/org.jsoup/jsoup/1.16.1, MIT, approved, #8462
+maven/mavencentral/org.jsoup/jsoup/1.17.2, MIT AND Apache-2.0, approved, #11785
 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.2, EPL-2.0, approved, #3133
 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.3, EPL-2.0, approved, #3133
 maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.9.2, EPL-2.0, approved, #3125
@@ -423,9 +430,9 @@ maven/mavencentral/org.simpleflatmapper/sfm-util/8.2.3, MIT, approved, clearlyde
 maven/mavencentral/org.skyscreamer/jsonassert/1.5.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.12, MIT, approved, #7698
 maven/mavencentral/org.slf4j/slf4j-api/2.0.12, MIT, approved, #5915
-maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.2.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.2.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.2.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.5.0, , restricted, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.5.0, , restricted, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.5.0, , restricted, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.1.10, Apache-2.0, approved, #9348
 maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.1.10, Apache-2.0, approved, #9342
 maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.10, Apache-2.0, approved, #9341
@@ -465,13 +472,13 @@ maven/mavencentral/org.springframework/spring-test/6.0.18, Apache-2.0, approved, maven/mavencentral/org.springframework/spring-web/6.0.18, Apache-2.0, approved, #5942 maven/mavencentral/org.springframework/spring-webmvc/6.0.18, Apache-2.0, approved, #5944 maven/mavencentral/org.testcontainers/junit-jupiter/1.18.3, MIT, approved, #7941 -maven/mavencentral/org.testcontainers/junit-jupiter/1.19.1, MIT, approved, #10344 +maven/mavencentral/org.testcontainers/junit-jupiter/1.19.7, MIT, approved, #10344 maven/mavencentral/org.testcontainers/testcontainers/1.18.3, MIT, approved, #7938 -maven/mavencentral/org.testcontainers/testcontainers/1.19.1, Apache-2.0 AND MIT, approved, #10347 +maven/mavencentral/org.testcontainers/testcontainers/1.19.7, Apache-2.0 AND MIT, approved, #10347 maven/mavencentral/org.typelevel/spire-macros_2.13/0.17.0, MIT, approved, clearlydefined maven/mavencentral/org.unbescape/unbescape/1.1.6.RELEASE, Apache-2.0, approved, CQ18904 -maven/mavencentral/org.webjars/swagger-ui/5.2.0, Apache-2.0, approved, #10221 -maven/mavencentral/org.wiremock/wiremock-standalone/3.3.1, MIT AND Apache-2.0, approved, #12941 +maven/mavencentral/org.webjars/swagger-ui/5.13.0, , restricted, clearlydefined +maven/mavencentral/org.wiremock/wiremock-standalone/3.5.2, , restricted, clearlydefined maven/mavencentral/org.xerial.snappy/snappy-java/1.1.10.5, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #9098 maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272 maven/mavencentral/org.yaml/snakeyaml/1.33, Apache-2.0, approved, clearlydefined diff --git a/pom.xml b/pom.xml index da33f6f13c..80dddafb21 100644 --- a/pom.xml +++ b/pom.xml @@ -77,10 +77,10 @@ 3.1.10 - 2.2.0 + 2.5.0 1.11.4 - 1.9.0 - 2.36.1 + 2.1.0 + 3.2.7 3.9.5 2.1.0 8.5.9 
@@ -90,21 +90,21 @@ 5.9.2 7.11.1 2.0 - 1.7 - 2.2.16 + 1.8.0 + 2.2.18 0.2.1 3.5.0 1.76 - 3.3.1 - 1.16.1 + 3.5.2 + 1.17.2 0.12.4 - 2.14.0 + 2.16.1 3.12.0 - 4.10.0 + 4.12.0 2.15.1 5.9.2 - 2.4.10 - 1.19.1 + 2.5.1 + 1.19.7 1.12.0 From 0a24a51596dbec4192a83a2b8af24bec6f5135ce Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 14:24:19 +0200 Subject: [PATCH 04/10] chore(deps):[#463] Revert dependency update --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 80dddafb21..c65ebb9902 100644 --- a/pom.xml +++ b/pom.xml @@ -77,9 +77,9 @@ 3.1.10 - 2.5.0 + 2.2.0 1.11.4 - 2.1.0 + 1.9.0 3.2.7 3.9.5 2.1.0 From 736b8e63e4805120858af84fd136880d9652f062 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 14:25:19 +0200 Subject: [PATCH 05/10] chore(deps):[#463] Manually update nimbus-jose-jwt to fix CVE --- DEPENDENCIES | 22 +++++++++++----------- irs-api/pom.xml | 10 ++++++++++ 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 4eafbb6309..8fd1e3d811 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -18,8 +18,8 @@ maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.16.1, Apache-2.0 AN
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.1, Apache-2.0, approved, #7934
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.4, Apache-2.0, approved, #7934
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.16.1, Apache-2.0, approved, #11605
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.1, Apache-2.0, approved, #8802
 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.4, Apache-2.0, approved, #8802
-maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.16.2, Apache-2.0, approved, #11855
 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.15.2, Apache-2.0, approved, #9179
 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.15.4, Apache-2.0, approved, #9179
 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.15.4, Apache-2.0, approved, #8808
@@ -49,7 +49,7 @@ maven/mavencentral/com.ibm.icu/icu4j/74.2, , approved, #11936
 maven/mavencentral/com.jayway.jsonpath/json-path/2.9.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.nimbusds/content-type/2.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.nimbusds/lang-tag/1.7, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.24.4, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701
 maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/9.43.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.softwaremill.quicklens/quicklens_2.13/1.9.3, Apache-2.0, approved, #9635
 maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.10.0, Apache-2.0, approved, clearlydefined
@@ -175,10 +175,10 @@ maven/mavencentral/io.rest-assured/rest-assured/5.4.0, Apache-2.0, approved, #12
 maven/mavencentral/io.rest-assured/xml-path/5.3.2, Apache-2.0, approved, #9267
 maven/mavencentral/io.rest-assured/xml-path/5.4.0, Apache-2.0, approved, #12038
 maven/mavencentral/io.suzaku/boopickle_2.13/1.3.3, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.21, Apache-2.0, approved, #5947
+maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.15, Apache-2.0, approved, #5947
 maven/mavencentral/io.swagger.core.v3/swagger-annotations/2.2.18, Apache-2.0, approved, #11362
-maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.21, Apache-2.0, approved, #5929
-maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.21, Apache-2.0, approved, #5919
+maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.15, Apache-2.0, approved, #5929
+maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.15, Apache-2.0, approved, #5919
 maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.3, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
 maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, ee4j.cdi
@@ -196,7 +196,7 @@ maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.12, Apache-2.0, approved,
 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.4, Apache-2.0, approved, #7164
 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.21, Apache-2.0 AND BSD-3-Clause, approved, #1811
 maven/mavencentral/net.bytebuddy/byte-buddy/1.14.12, Apache-2.0 AND BSD-3-Clause, approved, #7163
-maven/mavencentral/net.datafaker/datafaker/2.1.0, , restricted, clearlydefined
+maven/mavencentral/net.datafaker/datafaker/1.9.0, Apache-2.0, approved, #8797
 maven/mavencentral/net.debasishg/redisclient_2.13/3.42, Apache-2.0, approved, clearlydefined
 maven/mavencentral/net.java.dev.jna/jna/5.12.1, Apache-2.0 OR LGPL-2.1-or-later, approved, #3217
 maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #6709
@@ -430,9 +430,9 @@ maven/mavencentral/org.simpleflatmapper/sfm-util/8.2.3, MIT, approved, clearlyde
 maven/mavencentral/org.skyscreamer/jsonassert/1.5.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.12, MIT, approved, #7698
 maven/mavencentral/org.slf4j/slf4j-api/2.0.12, MIT, approved, #5915
-maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.5.0, , restricted, clearlydefined
-maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.5.0, , restricted, clearlydefined
-maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.5.0, , restricted, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.2.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.2.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.2.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.1.10, Apache-2.0, approved, #9348
 maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.1.10, Apache-2.0, approved, #9342
 maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.10, Apache-2.0, approved, #9341
@@ -477,8 +477,8 @@ maven/mavencentral/org.testcontainers/testcontainers/1.18.3, MIT, approved, #793 maven/mavencentral/org.testcontainers/testcontainers/1.19.7, Apache-2.0 AND MIT, approved, #10347 maven/mavencentral/org.typelevel/spire-macros_2.13/0.17.0, MIT, approved, clearlydefined maven/mavencentral/org.unbescape/unbescape/1.1.6.RELEASE, Apache-2.0, approved, CQ18904 -maven/mavencentral/org.webjars/swagger-ui/5.13.0, , restricted, clearlydefined -maven/mavencentral/org.wiremock/wiremock-standalone/3.5.2, , restricted, clearlydefined +maven/mavencentral/org.webjars/swagger-ui/5.2.0, Apache-2.0, approved, #10221 +maven/mavencentral/org.wiremock/wiremock-standalone/3.5.2, MIT AND Apache-2.0, approved, #14258 maven/mavencentral/org.xerial.snappy/snappy-java/1.1.10.5, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #9098 maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272 maven/mavencentral/org.yaml/snakeyaml/1.33, Apache-2.0, approved, clearlydefined diff --git a/irs-api/pom.xml b/irs-api/pom.xml index 049bd3a511..f5fc91b2b0 100644 --- a/irs-api/pom.xml +++ b/irs-api/pom.xml @@ -96,8 +96,18 @@ json-smart net.minidev + + nimbus-jose-jwt + com.nimbusds + + + + com.nimbusds + nimbus-jose-jwt + 9.37.3 + org.springframework.boot spring-boot-starter-security From d60149045203650c8eadb005e50bc4667bd0a2d2 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 14:35:13 +0200 Subject: [PATCH 06/10] chore(ci):[#463] Fix quality check scan issue --- Dockerfile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index ad62273994..f795367e8e 100644 --- a/Dockerfile +++ b/Dockerfile 
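Review bot: The nimbus-jose-jwt override added to irs-api/pom.xml hard-codes `9.37.3` in the module pom, while the commons-compress override earlier in this series takes its version from the `${commons-compress.version}` property in the parent pom. A parent property such as `<nimbus-jose-jwt.version>9.37.3</nimbus-jose-jwt.version>`, referenced here as `${nimbus-jose-jwt.version}`, would keep the security pins in one place where dependency-update tooling and reviewers look for them. Neither the commit subject nor the pom names the CVE being fixed, so add a comment next to the pin such as `<!-- pinned for CVE-XXXX-XXXXX (placeholder); remove once the managed version is at least 9.37.3 -->`. The dependency that carries the new exclusion starts above this hunk, so which starter the exclusion belongs to cannot be confirmed from here.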
@@ -51,14 +51,11 @@ RUN --mount=type=cache,target=/root/.m2 mvn -B clean package -pl :$BUILD_TARGET # Copy the jar and build image FROM eclipse-temurin:17-jre-alpine AS irs-api -ARG UID=10000 -ARG GID=3000 - WORKDIR /app COPY --chmod=755 --from=maven /build/irs-api/target/irs-api-*-exec.jar app.jar -USER ${UID}:${GID} +USER 10000:3000 ENTRYPOINT ["java", "-Djava.util.logging.config.file=./logging.properties", "-jar", "app.jar"] From e55f33efde5094c53784646dc6df78632bcec2da Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 14:36:48 +0200 Subject: [PATCH 07/10] chore(workflows):[#463] Cleanup trivyignore --- .config/.trivyignore | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.config/.trivyignore b/.config/.trivyignore index 9102906970..3f8a9914b4 100644 --- a/.config/.trivyignore +++ b/.config/.trivyignore @@ -1,8 +1,8 @@ # Only relevant if UNWRAP_SINGLE_VALUE_ARRAYS is activated, which is not the case here. -CVE-2022-42003 +#CVE-2022-42003 # HttpInvokerServiceExporter is not loaded as a bean in the IRS. -CVE-2016-1000027 +#CVE-2016-1000027 # Vulnerability method not in IRS codebase (Files.createTempDir from guava). https://github.com/google/guava/issues/2575 -CVE-2023-2976 \ No newline at end of file +#CVE-2023-2976 From 7f748b83fa373363e165ee461df107e903d347b2 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 14:41:00 +0200 Subject: [PATCH 08/10] chore(workflows):[#463] Cleanup trivyignore --- .github/workflows/trivy-image-scan.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/trivy-image-scan.yml b/.github/workflows/trivy-image-scan.yml index 0acd9c7e1a..28cc0e7678 100644 --- a/.github/workflows/trivy-image-scan.yml +++ b/.github/workflows/trivy-image-scan.yml @@ -60,6 +60,7 @@ jobs: output: "trivy-results2.sarif" exit-code: "1" severity: "CRITICAL,HIGH" + hide-progress: false trivyignores: .config/.trivyignore - name: Upload Trivy scan results to GitHub Security tab 
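Review bot: `USER 10000:3000` is now a literal, but nothing in the Dockerfile records why the `UID`/`GID` build arguments were removed, and the commit subject only mentions a quality-check finding. A comment above the instruction, for example `# Fixed numeric UID:GID so image scanners and runAsNonRoot checks can verify the non-root user without resolving build args`, would keep someone from reintroducing the ARGs later. The IDs can no longer be overridden at build time, so any deployment setting that assumes a different run-as user should be checked against 10000:3000 (inferred; no manifest is visible on this page).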
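Review bot: Prefixing the three CVE IDs in .config/.trivyignore with `#` lifts the suppressions but leaves each justification sitting above a commented-out ID, so the file still reads as if CVE-2022-42003, CVE-2016-1000027 and CVE-2023-2976 were being waived. With `exit-code: "1"` and `severity: "CRITICAL,HIGH"` in trivy-image-scan.yml these findings gate the image scan again, which is the safer default, but the commit message should say which dependency upgrade made each waiver unnecessary. A later patch in this series empties the file; a single header line such as `# No active suppressions; add one CVE ID per line with a justification and a review date` would document the convention for future entries.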
From 969dbaf8134c93b20345353bfc0dbf2c16180113 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 14:44:32 +0200 Subject: [PATCH 09/10] chore(workflows):[#463] Cleanup trivyignore --- .config/.trivyignore | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.config/.trivyignore b/.config/.trivyignore index 3f8a9914b4..e69de29bb2 100644 --- a/.config/.trivyignore +++ b/.config/.trivyignore @@ -1,8 +0,0 @@ -# Only relevant if UNWRAP_SINGLE_VALUE_ARRAYS is activated, which is not the case here. -#CVE-2022-42003 - -# HttpInvokerServiceExporter is not loaded as a bean in the IRS. -#CVE-2016-1000027 - -# Vulnerability method not in IRS codebase (Files.createTempDir from guava). https://github.com/google/guava/issues/2575 -#CVE-2023-2976 From d4977cd822ef1b904e118c4bfe6d2a4ef745335e Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Wed, 10 Apr 2024 14:56:00 +0200 Subject: [PATCH 10/10] chore(workflows):[#463] Cleanup trivyignore --- .github/workflows/trivy-image-scan.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/trivy-image-scan.yml b/.github/workflows/trivy-image-scan.yml index 28cc0e7678..0acd9c7e1a 100644 --- a/.github/workflows/trivy-image-scan.yml +++ b/.github/workflows/trivy-image-scan.yml @@ -60,7 +60,6 @@ jobs: output: "trivy-results2.sarif" exit-code: "1" severity: "CRITICAL,HIGH" - hide-progress: false trivyignores: .config/.trivyignore - name: Upload Trivy scan results to GitHub Security tab