Commit 1557f2d

* Address CVE-2024-38229, CVE-2024-35264

- Updated `libcom_err` version in `CallbackApp.Dockerfile` from 1.47.0-r5 to 1.47.2-r1.
- Modified GitHub workflows to use updated action versions, including `actions/checkout@v4`, `gittools/actions/gitreleasemanager/[email protected]`, and various CodeQL and license scanning actions.
- Updated package references across multiple projects to newer versions, including `Monai.Deploy.Messaging` (2.0.4), `MongoDB.Driver` (2.30.0), and `Microsoft.AspNetCore.Mvc.NewtonsoftJson` (8.0.14).
- Updated test project dependencies to the latest versions for improved stability and performance.
- Ensured consistency in package versions across the codebase.

Signed-off-by: Victor Chang <[email protected]>

* Update `libcom_err` version in `CallbackApp.Dockerfile` from 1.47.2-r1 to 1.47.1-r1 for compatibility reasons.

Signed-off-by: Victor Chang <[email protected]>

* Update dependencies for System.IO.Abstractions and related packages to version 21.3.1 in documentation and test project.

- Updated version references in `dependency_decisions.yml` and `third-party-licenses.md` to reflect the new version 21.3.1 for `System.IO.Abstractions`, `System.IO.Abstractions.TestingHelpers`, and `System.IO.Abstractions.Wrappers`.
- Modified the test project file to use the updated `System.IO.Abstractions.TestingHelpers` version 21.3.1.

Signed-off-by: Victor Chang <[email protected]>

* Update changelog

Signed-off-by: Victor Chang <[email protected]>

* Optimize Dockerfile by cleaning up APK cache after installing dependencies to reduce image size.

Signed-off-by: Victor Chang <[email protected]>

---------

Signed-off-by: Victor Chang <[email protected]>
1 parent 150e36d commit 1557f2d

56 files changed

+132278
-30245
lines changed

.github/.gitversion.yml

+15-8
Original file line numberDiff line numberDiff line change
@@ -12,22 +12,29 @@
1212
# See the License for the specific language governing permissions and
1313
# limitations under the License.
1414

15-
next-version: 0.1.5
15+
workflow: GitHubFlow/v1
1616
assembly-versioning-scheme: MajorMinorPatchTag
17+
assembly-file-versioning-scheme: MajorMinorPatchTag
1718
mode: ContinuousDelivery
1819
branches:
1920
main:
20-
tag: ''
21+
label: ''
22+
regex: ^main$
2123
release:
22-
regex: ^release/(?!2022)
23-
tag: rc
24+
label: rc
25+
regex: ^releases?[/-](?<BranchName>.+)
2426
develop:
25-
tag: beta
27+
label: beta
28+
increment: Patch
29+
regex: ^develop$
2630
feature:
27-
tag: alpha.{BranchName}
31+
label: alpha.{BranchName}
32+
regex: ^features?[/-](?<BranchName>.+)
2833
pull-request:
29-
tag: pr
30-
34+
label: pr
35+
increment: Patch
36+
regex: ^(pull|pull\-requests|pr)[/-]
37+
3138
ignore:
3239
sha: []
3340
merge-message-formats: {}
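
Review bot: the new `release` regex `^releases?[/-](?<BranchName>.+)` drops the `(?!2022)` negative lookahead that the old `^release/(?!2022)` carried, so `release/2022...` branches that were excluded before now match the `rc` configuration. If that exclusion is still needed, carry the lookahead over into the new pattern; if it is obsolete, say so in the commit message, which does not mention the versioning config at all. The hunk also removes `next-version: 0.1.5` and adds `increment: Patch` on `develop` and `pull-request`, so it is worth confirming the computed version on each branch type before merging, since this file feeds the `Determine Version` step with `useConfigFile: true`.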

.github/workflows/build.yml

+17-15
@@ -45,16 +45,18 @@ jobs:
4545
security-events: write
4646
steps:
4747
- name: Checkout repository
48-
uses: actions/checkout@v3
48+
uses: actions/checkout@v4
4949
with:
5050
fetch-depth: 0
5151

52-
- name: Install GitVersion
53-
run: dotnet tool install --global GitVersion.Tool
52+
- name: Setup GitVersion
53+
uses: gittools/actions/gitversion/[email protected]
54+
with:
55+
versionSpec: '6.0.5'
5456

5557
- name: Determine Version
5658
id: gitversion
57-
uses: gittools/actions/gitversion/execute@v0.10.2
59+
uses: gittools/actions/gitversion/execute@v3.1.11
5860
with:
5961
useConfigFile: true
6062
updateAssemblyInfo: true
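
Review bot: the third-party `gittools/actions/gitversion/execute@v3.1.11` step is referenced by a mutable tag in a job that holds `security-events: write`, so whoever can move that tag controls code running with this job's permissions. Pin the `gittools/actions` references (and ideally `actions/checkout`) to a full commit SHA with the version in a trailing comment. Replacing the unpinned `dotnet tool install --global GitVersion.Tool` with `versionSpec: '6.0.5'` is a good change; keep that value in step with `.github/.gitversion.yml`, which now uses the `workflow:` and `label:` keys.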
@@ -147,16 +149,16 @@ jobs:
147149
env:
148150
SEMVER: ${{ needs.build-and-deploy.outputs.semVer }}
149151
steps:
150-
- uses: actions/checkout@v3
152+
- uses: actions/checkout@v4
151153
with:
152154
fetch-depth: 0
153155

154-
- uses: actions/setup-dotnet@v3
156+
- uses: actions/setup-dotnet@v4
155157
with:
156158
dotnet-version: "8.0.x"
157159

158160
- name: Enable NuGet cache
159-
uses: actions/cache@v4.0.2
161+
uses: actions/cache@v4.2.3
160162
with:
161163
path: ~/.nuget/packages
162164
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -193,7 +195,7 @@ jobs:
193195
Get-ChildItem ~\release -Recurse
194196
195197
- name: Upload docs
196-
uses: actions/upload-artifact@v3.1.2
198+
uses: actions/upload-artifact@v4.6.2
197199
with:
198200
name: artifacts
199201
path: ~/release
@@ -208,11 +210,11 @@ jobs:
208210
MAJORMINORPATCH: ${{ needs.build-and-deploy.outputs.majorMinorPatch }}
209211

210212
steps:
211-
- uses: actions/checkout@v3
213+
- uses: actions/checkout@v4
212214
with:
213215
fetch-depth: 0
214216

215-
- uses: actions/download-artifact@v3
217+
- uses: actions/download-artifact@v4
216218
id: download
217219

218220
- name: List artifacts
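
Review bot: `actions/download-artifact@v4` floats on the major tag while the matching upload step in this file is pinned to `actions/upload-artifact@v4.6.2`; pick one pinning style for the pair, preferably an exact version or commit SHA on both. The step still has no `name:` or `path:`, and a later step reads `artifacts/mwm-docs-${{ env.SEMVER }}.zip`, so please confirm from a workflow run that the v4 download still places the files under `artifacts/`.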
@@ -226,12 +228,12 @@ jobs:
226228
msg: ${{ github.repository }}
227229

228230
- name: Install GitReleaseManager
229-
uses: gittools/actions/gitreleasemanager/setup@v0.10.2
231+
uses: gittools/actions/gitreleasemanager/setup@v3.1.11
230232
with:
231-
versionSpec: "0.13.x"
233+
versionSpec: '0.18.x'
232234

233235
- name: Create release with GitReleaseManager
234-
uses: gittools/actions/gitreleasemanager/create@v0.10.2
236+
uses: gittools/actions/gitreleasemanager/create@v3.1.11
235237
with:
236238
token: ${{ secrets.GITHUB_TOKEN }}
237239
owner: ${{ steps.repo.outputs._0 }}
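
Review bot: `versionSpec: '0.18.x'` lets the GitReleaseManager tool float across patch releases, while the GitVersion setup step in this same file pins an exact `'6.0.5'`. This tool is handed `token: ${{ secrets.GITHUB_TOKEN }}` and creates releases, so an exact version is the safer choice here; the jump from `0.13.x` to `0.18.x` also deserves a line in the changelog. The quote style changed from double to single quotes in the same line, which is harmless but inconsistent with `dotnet-version: "8.0.x"` elsewhere in the file.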
@@ -242,7 +244,7 @@ jobs:
242244
artifacts/mwm-docs-${{ env.SEMVER }}.zip
243245
244246
- name: Publish release with GitReleaseManager
245-
uses: gittools/actions/gitreleasemanager/publish@v0.10.2
247+
uses: gittools/actions/gitreleasemanager/publish@v3.1.11
246248
if: ${{ contains(github.ref, 'refs/heads/main') }}
247249
with:
248250
token: ${{ secrets.GITHUB_TOKEN }}
@@ -251,7 +253,7 @@ jobs:
251253
tagName: ${{ env.MAJORMINORPATCH }}
252254

253255
- name: Close release with GitReleaseManager
254-
uses: gittools/actions/gitreleasemanager/close@v0.10.2
256+
uses: gittools/actions/gitreleasemanager/close@v3.1.11
255257
if: ${{ contains(github.ref, 'refs/heads/main') }}
256258
with:
257259
token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql.yml

+5-5
@@ -37,25 +37,25 @@ jobs:
3737

3838
steps:
3939
- name: Checkout repository
40-
uses: actions/checkout@v3
40+
uses: actions/checkout@v4
4141
with:
4242
fetch-depth: 0
4343

4444
- name: Install Dotnet
45-
uses: actions/setup-dotnet@v3
45+
uses: actions/setup-dotnet@v4
4646
with:
4747
dotnet-version: ${{ env.DOTNET_VERSION }}
4848

4949
- name: Enable NuGet cache
50-
uses: actions/cache@v4.0.2
50+
uses: actions/cache@v4.2.3
5151
with:
5252
path: ~/.nuget/packages
5353
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
5454
restore-keys: |
5555
${{ runner.os }}-nuget
5656
5757
- name: Initialize CodeQL
58-
uses: github/codeql-action/init@v2
58+
uses: github/codeql-action/init@v3
5959
with:
6060
languages: csharp
6161

@@ -68,4 +68,4 @@ jobs:
6868
working-directory: ./src
6969

7070
- name: Perform CodeQL Analysis
71-
uses: github/codeql-action/analyze@v2
71+
uses: github/codeql-action/analyze@v3

.github/workflows/license-scanning.yml

+3-3
@@ -26,7 +26,7 @@ jobs:
2626
runs-on: ubuntu-latest
2727
steps:
2828
- name: Checkout repository
29-
uses: actions/checkout@v3
29+
uses: actions/checkout@v4
3030
with:
3131
fetch-depth: 0
3232

@@ -40,12 +40,12 @@ jobs:
4040
run: gem install license_finder
4141

4242
- name: Install Dotnet
43-
uses: actions/setup-dotnet@v3
43+
uses: actions/setup-dotnet@v4
4444
with:
4545
dotnet-version: ${{ env.DOTNET_VERSION }}
4646

4747
- name: Enable NuGet cache
48-
uses: actions/cache@v4.0.2
48+
uses: actions/cache@v4.2.3
4949
with:
5050
path: ~/.nuget/packages
5151
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}

.github/workflows/nightly.yml

+1-1
@@ -38,7 +38,7 @@ jobs:
3838
security-events: write
3939
steps:
4040
- name: Checkout repository
41-
uses: actions/checkout@v3
41+
uses: actions/checkout@v4
4242
with:
4343
fetch-depth: 0
4444

.github/workflows/security.yml

+4-4
@@ -26,7 +26,7 @@ jobs:
2626
runs-on: ubuntu-latest
2727
steps:
2828
- name: Checkout code
29-
uses: actions/checkout@v3
29+
uses: actions/checkout@v4
3030
with:
3131
fetch-depth: 0
3232

@@ -42,17 +42,17 @@ jobs:
4242
runs-on: ubuntu-latest
4343
steps:
4444
- name: Checkout repository
45-
uses: actions/checkout@v3
45+
uses: actions/checkout@v4
4646
with:
4747
fetch-depth: 0
4848

4949
- name: Install Dotnet
50-
uses: actions/setup-dotnet@v3
50+
uses: actions/setup-dotnet@v4
5151
with:
5252
dotnet-version: ${{ env.DOTNET_VERSION }}
5353

5454
- name: Enable NuGet cache
55-
uses: actions/cache@v4.0.2
55+
uses: actions/cache@v4.2.3
5656
with:
5757
path: ~/.nuget/packages
5858
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}

.github/workflows/test.yml

+16-16
@@ -29,17 +29,17 @@ jobs:
2929
runs-on: ubuntu-latest
3030
steps:
3131
- name: Checkout repository
32-
uses: actions/checkout@v3
32+
uses: actions/checkout@v4
3333
with:
3434
fetch-depth: 0
3535

3636
- name: Install Dotnet
37-
uses: actions/setup-dotnet@v3
37+
uses: actions/setup-dotnet@v4
3838
with:
3939
dotnet-version: ${{ env.DOTNET_VERSION }}
4040

4141
- name: Enable NuGet cache
42-
uses: actions/cache@v4.0.2
42+
uses: actions/cache@v4.2.3
4343
with:
4444
path: ~/.nuget/packages
4545
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -62,7 +62,7 @@ jobs:
6262
working-directory: ./tests
6363

6464
- name: Archive code coverage results
65-
uses: actions/upload-artifact@v3.1.2
65+
uses: actions/upload-artifact@v4.6.2
6666
with:
6767
name: code-coverage-reports
6868
path: ./tests/**/coverage.opencover.xml
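
Review bot: moving `Archive code coverage results` to `actions/upload-artifact@v4.6.2` changes artifact semantics, because in v4 an artifact name can be written only once per workflow run, and the name here is the static `code-coverage-reports`. Confirm that exactly one job uploads under that name, or add a per-job suffix. The consumer later in this file is bumped to `actions/download-artifact@v4` with `name: code-coverage-reports`, which is the required pairing since v3 and v4 artifacts are not interchangeable.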
@@ -100,20 +100,20 @@ jobs:
100100

101101
steps:
102102
- name: Checkout repository
103-
uses: actions/checkout@v3
103+
uses: actions/checkout@v4
104104
with:
105105
fetch-depth: 0
106106

107107
- name: Install Dotnet
108-
uses: actions/setup-dotnet@v3
108+
uses: actions/setup-dotnet@v4
109109
with:
110110
dotnet-version: ${{ env.DOTNET_VERSION }}
111111

112112
- name: Install LivingDoc CLI
113113
run: dotnet tool install --global SpecFlow.Plus.LivingDoc.CLI
114114

115115
- name: Enable NuGet cache
116-
uses: actions/cache@v4.0.2
116+
uses: actions/cache@v4.2.3
117117
with:
118118
path: ~/.nuget/packages
119119
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -139,7 +139,7 @@ jobs:
139139

140140
- name: Publish report
141141
if: always()
142-
uses: actions/upload-artifact@v3.1.2
142+
uses: actions/upload-artifact@v4.6.2
143143
with:
144144
name: WorkflowExecutorIntegrationTestReport
145145
path: ./tests/IntegrationTests/WorkflowExecutor.IntegrationTests/bin/Debug/net8.0/LivingDoc.html
@@ -177,20 +177,20 @@ jobs:
177177

178178
steps:
179179
- name: Checkout repository
180-
uses: actions/checkout@v3
180+
uses: actions/checkout@v4
181181
with:
182182
fetch-depth: 0
183183

184184
- name: Install Dotnet
185-
uses: actions/setup-dotnet@v3
185+
uses: actions/setup-dotnet@v4
186186
with:
187187
dotnet-version: ${{ env.DOTNET_VERSION }}
188188

189189
- name: Install LivingDoc CLI
190190
run: dotnet tool install --global SpecFlow.Plus.LivingDoc.CLI
191191

192192
- name: Enable NuGet cache
193-
uses: actions/cache@v4.0.2
193+
uses: actions/cache@v4.2.3
194194
with:
195195
path: ~/.nuget/packages
196196
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -216,7 +216,7 @@ jobs:
216216

217217
- name: Publish report
218218
if: always()
219-
uses: actions/upload-artifact@v3.1.2
219+
uses: actions/upload-artifact@v4.6.2
220220
with:
221221
name: TaskManagerIntegrationTestReport
222222
path: ./tests/IntegrationTests/TaskManager.IntegrationTests/bin/Debug/net8.0/LivingDoc.html
@@ -232,17 +232,17 @@ jobs:
232232
distribution: 'zulu' # Alternative distribution options are available.
233233

234234
- name: Checkout repository
235-
uses: actions/checkout@v3
235+
uses: actions/checkout@v4
236236
with:
237237
fetch-depth: 0
238238

239239
- name: Install Dotnet
240-
uses: actions/setup-dotnet@v3
240+
uses: actions/setup-dotnet@v4
241241
with:
242242
dotnet-version: ${{ env.DOTNET_VERSION }}
243243

244244
- name: Enable NuGet cache
245-
uses: actions/cache@v4.0.2
245+
uses: actions/cache@v4.2.3
246246
with:
247247
path: ~/.nuget/packages
248248
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -269,7 +269,7 @@ jobs:
269269
working-directory: ./src
270270

271271
- name: Download code coverage from unit tests
272-
uses: actions/download-artifact@v3
272+
uses: actions/download-artifact@v4
273273
with:
274274
name: code-coverage-reports
275275

CallbackApp.Dockerfile

+4-2
@@ -11,8 +11,10 @@
1111

1212
FROM python:3.10-alpine
1313

14-
RUN apk update && apk upgrade
15-
RUN apk add libcom_err=1.47.0-r5
14+
RUN apk update && \
15+
apk upgrade && \
16+
apk add libcom_err=1.47.1-r1 && \
17+
rm -rf /var/cache/apk/*
1618
WORKDIR /app
1719
COPY src/TaskManager/CallbackApp/app.py ./
1820
COPY src/TaskManager/CallbackApp/requirements.txt ./
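
Review bot: `apk add libcom_err=1.47.1-r1` pins an exact package revision on top of the floating `FROM python:3.10-alpine` tag and after `apk upgrade`, so the build fails as soon as the Alpine repository behind that base image stops carrying 1.47.1-r1. The commit message already records the pin moving from 1.47.2-r1 to 1.47.1-r1 for compatibility reasons, which is the same fragility. Pin the base image to a digest or a specific Alpine release so the package pin and the repository move together, or relax the package pin. For the cleanup, `apk add --no-cache` avoids storing the index in the layer at all and makes the trailing `rm -rf /var/cache/apk/*` unnecessary.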
