From 7e23ad3642e5016b3b756105729835b2b2042300 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 2 Mar 2025 20:03:27 +0100 Subject: [PATCH] chore(deps): update all non-major dependencies (#182) * chore(deps): update all non-major dependencies * downgrade benchmark .net * trivy fail only on high/critical * false pos --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: chgl --- .config/dotnet-tools.json | 2 +- .mega-linter.yml | 2 +- .trivyignore | 3 +++ Dockerfile | 6 ++--- compose.yaml | 4 ++-- src/Vfps.Benchmarks/Vfps.Benchmarks.csproj | 2 +- .../Vfps.IntegrationTests.csproj | 10 ++++----- src/Vfps.StressTests/Vfps.StressTests.csproj | 6 ++--- src/Vfps.Tests/Vfps.Tests.csproj | 12 +++++----- src/Vfps/Vfps.csproj | 22 +++++++++---------- 10 files changed, 36 insertions(+), 33 deletions(-) diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json index 3e661d0..9723acb 100644 --- a/.config/dotnet-tools.json +++ b/.config/dotnet-tools.json @@ -3,7 +3,7 @@ "isRoot": true, "tools": { "dotnet-outdated-tool": { - "version": "4.6.4", + "version": "4.6.7", "commands": ["dotnet-outdated"] }, "csharpier": { diff --git a/.mega-linter.yml b/.mega-linter.yml index f7dd191..d90273c 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -21,7 +21,7 @@ FILEIO_REPORTER: false # DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass REPOSITORY_TRIVY_ARGUMENTS: - - "--severity=MEDIUM,HIGH,CRITICAL" + - "--severity=HIGH,CRITICAL" REPOSITORY_CHECKOV_ARGUMENTS: - "--skip-path=tests/" diff --git a/.trivyignore b/.trivyignore index 376218d..48f3749 100644 --- a/.trivyignore +++ b/.trivyignore @@ -7,3 +7,6 @@ AVD-DS-0002 # no update yet. blocking build. CVE-2023-4911 + +# false positive, also covered by hadolint +AVD-DS-0017 diff --git a/Dockerfile b/Dockerfile index a1a0d5f..84167eb 100644 --- a/Dockerfile +++ b/Dockerfile 
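Review bot: In the `.mega-linter.yml` hunk, narrowing `REPOSITORY_TRIVY_ARGUMENTS` to `--severity=HIGH,CRITICAL` does more than stop MEDIUM findings from failing the build. Trivy's `--severity` is a report filter, so MEDIUM findings drop out of the scan output altogether. The commit message gives the goal as "trivy fail only on high/critical", which reads as a change to gating rather than to visibility. If that is the intent, record the trade-off beside the setting, for example `# MEDIUM findings are filtered out of the report entirely, not just made non-blocking`. Also consider a separate non-blocking scan that still lists them, so medium-severity findings remain available for triage.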
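Review bot: The new `AVD-DS-0017` entry in the `.trivyignore` hunk suppresses that check for every file Trivy scans in the repository. Its comment `# false positive, also covered by hadolint` names neither the instruction that triggered it nor the hadolint rule that gives equivalent coverage. If that hadolint rule is later disabled or ignored, a real violation of this check would pass both scanners unnoticed. Make the comment self-contained, e.g. `# AVD-DS-0017 false positive on <file>:<instruction>; equivalent check: hadolint <rule id>`, with the placeholders filled in. The `CVE-2023-4911` entry visible as context has a similar gap, since "no update yet" carries no date or revisit condition, so confirm whether it is still needed after these base-image bumps.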
@@ -1,6 +1,6 @@ # kics false positive "Missing User Instruction": # kics-scan ignore-line -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/aspnet:9.0.1-noble-chiseled@sha256:2aae5a49d55c1d7eebabca26f60a5208071142884fdf26cc2f087ac52685c5c2 AS runtime +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/aspnet:9.0.2-noble-chiseled@sha256:ecaecad2614c3c946727a3fc22ef829771ce6527e9d82c639080771c2f67ea0a AS runtime WORKDIR /opt/vfps EXPOSE 8080/tcp 8081/tcp 8082/tcp USER 65534:65534 @@ -10,7 +10,7 @@ ENV DOTNET_ENVIRONMENT="Production" \ ASPNETCORE_URLS="" \ DOTNET_BUNDLE_EXTRACT_BASE_DIR=/tmp -FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0.102-noble@sha256:67aba0077ce07ea5974bf139a47a4a144bd8f7819a3d91faff02bca4919e9932 AS build +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0.200-noble@sha256:12e2373b9ea6f904e0d255a54e65eae31d78ae542dc612baa01fe59198e3e22a AS build WORKDIR /build ENV DOTNET_CLI_TELEMETRY_OPTOUT=1 \ PATH="/root/.dotnet/tools:${PATH}" @@ -74,7 +74,7 @@ FROM build AS stress-test WORKDIR /opt/vfps-stress # https://github.com/hadolint/hadolint/pull/815 isn't yet in mega-linter # hadolint ignore=DL3022 -COPY --from=docker.io/bitnami/kubectl:1.32.1@sha256:96a29566b696a8cb64023b642b4cbdfe33b09da9ffe934b25e3acb04cd43a231 /opt/bitnami/kubectl/bin/kubectl /usr/bin/kubectl +COPY --from=docker.io/bitnami/kubectl:1.32.2@sha256:9933302d768bbb344fedae9e6e1e452beaf63ae231f3f328272032455ea9aa1e /opt/bitnami/kubectl/bin/kubectl /usr/bin/kubectl COPY tests/chaos/chaos.yaml /tmp/ COPY --from=build-stress-test /build/publish . diff --git a/compose.yaml b/compose.yaml index db1ed7c..4c52961 100644 --- a/compose.yaml +++ b/compose.yaml 
@@ -1,6 +1,6 @@ services: postgresql: - image: docker.io/library/postgres:17.2@sha256:87ec5e0a167dc7d4831729f9e1d2ee7b8597dcc49ccd9e43cc5f89e808d2adae + image: docker.io/library/postgres:17.4@sha256:81f32a88ec561664634637dd446487efd5f9d90996304b96210078e90e5c8b21 restart: unless-stopped deploy: resources: @@ -20,7 +20,7 @@ services: - "127.0.0.1:35432:5432" jaeger: - image: docker.io/jaegertracing/all-in-one:1.65.0@sha256:12fa17a231abded2c3b5b715bd252a043678495c588cbe772173991fbdcdf7c8 + image: docker.io/jaegertracing/all-in-one:1.66.0@sha256:9864182b4e01350fcc64631bdba5f4085f87daae9d477a04c25d9cb362e787a9 restart: unless-stopped deploy: resources: diff --git a/src/Vfps.Benchmarks/Vfps.Benchmarks.csproj b/src/Vfps.Benchmarks/Vfps.Benchmarks.csproj index 98db389..19a77eb 100644 --- a/src/Vfps.Benchmarks/Vfps.Benchmarks.csproj +++ b/src/Vfps.Benchmarks/Vfps.Benchmarks.csproj @@ -6,7 +6,7 @@ - + diff --git a/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj b/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj index e2cfb64..e7d96fc 100644 --- a/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj +++ b/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj @@ -9,12 +9,12 @@ runtime; build; native; contentfiles; analyzers; buildtransitive all - - - - + + + + - + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/src/Vfps.StressTests/Vfps.StressTests.csproj b/src/Vfps.StressTests/Vfps.StressTests.csproj index 75b5d20..852303a 100644 --- a/src/Vfps.StressTests/Vfps.StressTests.csproj +++ b/src/Vfps.StressTests/Vfps.StressTests.csproj @@ -5,11 +5,11 @@ - + - - + + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/src/Vfps.Tests/Vfps.Tests.csproj b/src/Vfps.Tests/Vfps.Tests.csproj index 8c52cf2..1b2a908 100644 --- a/src/Vfps.Tests/Vfps.Tests.csproj +++ b/src/Vfps.Tests/Vfps.Tests.csproj 
@@ -15,13 +15,13 @@ all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - + + + + + - + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/src/Vfps/Vfps.csproj b/src/Vfps/Vfps.csproj index b790046..3baef2d 100644 --- a/src/Vfps/Vfps.csproj +++ b/src/Vfps/Vfps.csproj @@ -8,23 +8,23 @@ - - - - + + + + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + + - +