Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump dependencies to resolve Dependabot alerts #788

Merged
merged 5 commits into from
Aug 22, 2024
Merged

Bump dependencies to resolve Dependabot alerts #788

merged 5 commits into from
Aug 22, 2024

Conversation

jeohist
Copy link
Contributor

@jeohist jeohist commented Aug 18, 2024
edited
Loading

Security updates:

  • Update Python to 3.10.14
  • Update certifi to 2024.7.4 (drops GlobalTrust)
  • Update urllib3 to 2.2.2

Minor updates:

  • Update pip-tools to 7.4.1
  • Update pip to 24.2
  • Update Java 11 to 11.0.23
  • Update Java 21 to 21.0.3

Pipeline updates:

  • Use maintained GitHub Actions for our release process
  • Use proper Mendix CDN location for Python

jeohist and others added 5 commits August 21, 2024 09:37
@jeohist
Replace deprecated release actions
9c98c96 
Use `softprops/action-gh-release` instead.
@dependabot @jeohist
Bump urllib3 from 2.2.1 to 2.2.2
9e8b316 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.2.1...2.2.2)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @jeohist
Bump certifi from 2024.6.2 to 2024.7.4
2fbfc0f 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.6.2 to 2024.7.4.
- [Commits](certifi/python-certifi@2024.06.02...2024.07.04)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@jeohist
Update to Python 3.10.14, update CDN location
7c0fe40 
Also updates pip / pip-tools
@jeohist
Update Java dependencies
ecf7470
djvdorp
djvdorp approved these changes Aug 22, 2024
View reviewed changes
Copy link
Contributor

@djvdorp djvdorp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me, will proceed with manual testing.

@djvdorp
Copy link
Contributor

djvdorp commented Aug 22, 2024

@jeohist test app staged and running fine with this buildpack branch, not seeing anything off from the logs of it either ✅

@djvdorp djvdorp merged commit 27e2ae5 into develop Aug 22, 2024
27 checks passed
@djvdorp djvdorp deleted the security branch August 22, 2024 12:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djvdorp djvdorp djvdorp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jeohist @djvdorp