Merge branch 'master' into feat/add-java-commons

lensesio · Apr 26, 2024 · c028c6d · c028c6d
2 parents a04087f + de38391
commit c028c6d
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 6 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -231,7 +231,7 @@ jobs:
           format: 'HTML'
           args: >-
               --failOnCVSS 5
-              --suppression https://raw.githubusercontent.com/${{ github.event.pull_request.head.repo.owner.login }}/${{github.event.repository.name}}/${{ steps.branch_name.outputs.tag }}${{ steps.branch_name.outputs.current_branch }}/suppression.xml
+              --suppression https://raw.githubusercontent.com/${{ github.event.pull_request.head.repo.owner.login || github.event.repository.owner.login }}/${{ github.event.repository.name }}/${{ steps.branch_name.outputs.tag }}${{ steps.branch_name.outputs.current_branch }}/suppression.xml
       - name: Upload Test results
         uses: actions/upload-artifact@master
         with:

diff --git a/.github/workflows/java-build.yml b/.github/workflows/java-build.yml
@@ -126,7 +126,7 @@ jobs:
           format: 'HTML'
           args: >-
             --failOnCVSS 5
-            --suppression https://raw.githubusercontent.com/${{ github.event.pull_request.head.repo.owner.login }}/${{github.event.repository.name}}/${{ steps.branch_name.outputs.tag }}${{ steps.branch_name.outputs.current_branch }}/suppression.xml
+            --suppression https://raw.githubusercontent.com/${{ github.event.pull_request.head.repo.owner.login || github.event.repository.owner.login }}/${{github.event.repository.name}}/${{ steps.branch_name.outputs.tag }}${{ steps.branch_name.outputs.current_branch }}/suppression.xml
 
       - name: Upload Test results
         uses: actions/upload-artifact@master

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
@@ -75,11 +75,11 @@ object Dependencies {
     val jerseyCommonVersion = "3.1.6"
 
     val calciteVersion = "1.34.0"
-    val awsSdkVersion  = "2.25.36"
+    val awsSdkVersion  = "2.25.38"
 
-    val azureDataLakeVersion = "12.18.3"
-    val azureIdentityVersion = "1.11.4"
-    val azureCoreVersion     = "1.47.0"
+    val azureDataLakeVersion = "12.18.4"
+    val azureIdentityVersion = "1.12.0"
+    val azureCoreVersion     = "1.48.0"
     val gcpStorageVersion    = "2.37.0"
 
     val jacksonVersion      = "2.17.0"

diff --git a/suppression.xml b/suppression.xml
@@ -103,4 +103,13 @@
         <packageUrl regex="true">^pkg:maven/org\.threeten/threetenbp@.*$</packageUrl>
         <vulnerabilityName>CVE-2024-23082</vulnerabilityName>
     </suppress>
+
+    <!-- Azure False Positive: https://github.com/jeremylong/DependencyCheck/issues/6100 -->
+    <suppress>
+        <notes><![CDATA[
+   file name: kafka-connect-azure-datalake-assembly-6.4-SNAPSHOT.jar (shaded: com.azure:azure-xml:1.0.0)
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.azure/azure\-xml@.*$</packageUrl>
+        <cve>CVE-2023-36052</cve>
+    </suppress>
 </suppressions>