Skip to content

Commit

Permalink
Merge pull request #168 from adityagajbhiye9/release-24-08
Browse files Browse the repository at this point in the history 
chore dependabot issues fixes.
  • Loading branch information
@almadigabor
almadigabor authored Jul 30, 2024
2 parents bbcc3f0 + 60d152b commit 643422d
Show file tree
Hide file tree
Showing 5 changed files with 11 additions and 5 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/dependencies.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ jobs:
if: steps.dependencies-changed.outputs.changed == 'true'

- name: Upload DEPENDENCIES file
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
path: DEPENDENCIES
if: steps.dependencies-changed.outputs.changed == 'true'
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/trivy-scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ jobs:

steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.20.0
uses: aquasecurity/trivy-action@0.24.0

Check warning on line 46 in .github/workflows/trivy-scan.yml

View workflow job for this annotation

GitHub Actions / Analyze

[LOW] Unpinned Actions Full Length Commit SHA 

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
with:
image-ref: "tractusx/managed-simple-data-exchanger-frontend:latest" # Pull image from Docker Hub and run Trivy vulnerability scanner
format: "sarif"
Expand Down
8 changes: 7 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
# Changelog

New features, fixed bugs, known defects and other noteworthy changes to each release of the Simple Data Exchanger Frontend.

## [2.4.2] - 2024-07-30
- dependabot issues fix for release 24.08.
- docker build image updated to latest.

## [2.4.1] - 2024-05-24
- Bumped version for release 24.05 to match with backend version .

Expand Down Expand Up @@ -270,7 +275,8 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
- Compliance with Catena-X Guidelines
- Integration with Digital Twin registry service.

[unreleased]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.4.1...main
[unreleased]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.4.2...main
[2.4.2]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.4.1...v2.4.2
[2.4.1]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.4.0...v2.4.1
[2.4.0]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.3.7...v2.3.8
[2.3.7]: https://github.com/eclipse-tractusx/managed-simple-data-exchanger-frontend/compare/v2.3.6...v2.3.7
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
# SPDX-License-Identifier: Apache-2.0
################################################################################
# => Build container
FROM node:18.19.0-alpine3.18 as builder
FROM node:18.20.4-alpine3.20 as builder

WORKDIR /app

Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "managed-simple-data-exchanger-frontend",
"version": "2.4.1",
"version": "2.4.2",
"description": "Managed Simple Data Exchanger Frontend",
"license": "Apache-2.0",
"type": "module",
Expand Down

0 comments on commit 643422d

Please sign in to comment.