diff --git a/.github/dependabot.yml b/.github/dependabot.yml index dc0e75e76..2dc50cd87 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,7 +10,7 @@ updates: target-branch: "dep/dependency_upgrade_staging" open-pull-requests-limit: 30 schedule: - interval: "daily" + interval: "weekly" - package-ecosystem: "npm" # Look for `package.json` and `lock` files in the `cerberus-dashboard` directory directory: "/cerberus-dashboard" @@ -18,11 +18,11 @@ updates: open-pull-requests-limit: 30 # Check the npm registry for updates every day (weekdays) schedule: - interval: "daily" + interval: "weekly" - package-ecosystem: "github-actions" # Look for `package.json` and `lock` files in the `cerberus-dashboard` directory directory: "/" target-branch: "dep/dependency_upgrade_staging" # Check the npm registry for updates every day (weekdays) schedule: - interval: "daily" \ No newline at end of file + interval: "weekly" \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 18160767d..e92bf07a8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,7 +34,7 @@ jobs: verbose: true - name: Slack notification when master build fails if: ${{ failure() && github.ref == 'refs/heads/master'}} - uses: rtCamp/action-slack-notify@v2.1.0 + uses: rtCamp/action-slack-notify@v2.1.2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} SLACK_CHANNEL: cerberus-alerts diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b8b34a9f4..0f6398eb2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,7 +44,7 @@ jobs: tag: ${{ github.ref }} - name: Slack notification when release fails if: ${{ failure() }} - uses: rtCamp/action-slack-notify@v2.1.0 + uses: rtCamp/action-slack-notify@v2.1.2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} SLACK_CHANNEL: cerberus-alerts diff --git a/build.gradle b/build.gradle index 0e62775d8..079459022 100644 --- a/build.gradle +++ b/build.gradle @@ -23,8 +23,8 @@ buildscript { versions = [ lombok: '1.18.18', resilience4j: '1.7.0', - awsSdkVersion: '1.11.946', - kork: '7.98.0', + awsSdkVersion: '1.11.948', + kork: '7.99.0', guava: '30.1-jre', springBoot: '2.4.2', ] @@ -50,7 +50,7 @@ buildscript { plugins { id "io.spring.dependency-management" version "1.0.11.RELEASE" - id "com.github.nbaztec.coveralls-jacoco" version "1.2.10" + id "com.github.nbaztec.coveralls-jacoco" version "1.2.11" id "com.github.spotbugs" version "4.6.0" } diff --git a/cerberus-core/build.gradle b/cerberus-core/build.gradle index 6c5142c77..4f26dca00 100644 --- a/cerberus-core/build.gradle +++ b/cerberus-core/build.gradle @@ -42,7 +42,7 @@ dependencies { configurations.all { resolutionStrategy { - force "org.jetbrains.kotlin:kotlin-stdlib-common:1.4.21-2" + force "org.jetbrains.kotlin:kotlin-stdlib-common:1.4.30" force "org.jetbrains.kotlin:kotlin-stdlib:1.4.21-2" } } diff --git a/dependency-check-supressions.xml b/dependency-check-supressions.xml index 350597e63..30c2b6e35 100644 --- a/dependency-check-supressions.xml +++ b/dependency-check-supressions.xml @@ -98,4 +98,11 @@ ^pkg:npm/immer@.*$ cpe:/a:immer_project:immer + + + ^pkg:npm/faye\-websocket@.*$ + CVE-2020-15133 + diff --git a/gradle.properties b/gradle.properties index d5913fdfd..dc0c92b66 100644 --- a/gradle.properties +++ b/gradle.properties @@ -14,5 +14,5 @@ # limitations under the License. # -version=4.10.1 +version=4.10.2 group=com.nike.cerberus