eclipse-tractusx / knowledge-agents-edc

EDC Extensions for CX-0084 (Federated Queries In Data Spaces)
Apache License 2.0

fix(az-vault): upgrade/patch vulnerable dependency of azure-identity #135

Closed drcgjung closed 11 months ago

drcgjung commented 11 months ago

WHAT

Patches reactor-netty-http to version 1.0.39 and updates DEPENDENCIES

WHY

reactor-netty-http 1.0.33 (a dependency of azure-identity 1.10) is vulnerable; the clean version 1.0.39 is not yet IP checked.

FURTHER NOTES

Before, this dependency was implicit (through azure-identity). Now it has to be IP checked unfortunately. Approval just went through. Could you please invoke veracode https://github.com/eclipse-tractusx/knowledge-agents-edc/actions/workflows/veracode.yml after the merge?

SebastianBezold commented 11 months ago

Hey @drcgjung,

Here's the IP issue: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/11661

The rest looks good, so we can merge as soon as the check is approved. Should we also include this in the current release branch?

drcgjung commented 11 months ago

> Should we also include this in the current release branch?

I already integrated it into #130.

drcgjung commented 11 months ago

Approval is there.
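
A build-time check for the pin described in the PR description, as an added example that is not part of the PR or the project's code: it scans `mvn dependency:tree` text output and reports every path that still resolves reactor-netty-http below 1.0.39. The Maven build, the tree layout and the sample output (including every version other than 1.0.33 and 1.0.39) are assumptions constructed for illustration.

```python
import re

ARTIFACT = "io.projectreactor.netty:reactor-netty-http"
MIN_VERSION = (1, 0, 39)  # the version the PR patches to

# group:artifact:packaging:version[:scope]; classifiers are not handled here.
COORD = re.compile(r"([\w.\-]+:[\w.\-]+):[\w\-]+:([\w.\-]+)(?::\w+)?")

def parse_version(text):
    """'1.0.39' -> (1, 0, 39); an unparsable version yields () and is flagged."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def find_below_minimum(tree_text):
    """Return (version, dependency path) for each ARTIFACT below MIN_VERSION."""
    stack, hits = [], []
    for raw in tree_text.splitlines():
        line = re.sub(r"^\[INFO\] ", "", raw)
        m = COORD.search(line)
        if not m:
            continue
        depth = m.start() // 3      # each tree level is three characters wide
        del stack[depth:]           # drop siblings and deeper nodes
        stack.append(m.group(1))
        if m.group(1) == ARTIFACT and parse_version(m.group(2)) < MIN_VERSION:
            hits.append((m.group(2), " -> ".join(stack)))
    return hits

# Constructed sample: the dependency arrives implicitly through azure-identity.
SAMPLE_BEFORE = r"""
[INFO] org.example:app:jar:0.0.1
[INFO] +- com.azure:azure-identity:jar:1.10.0:compile
[INFO] |  \- com.azure:azure-core-http-netty:jar:0.0.0:compile
[INFO] |     \- io.projectreactor.netty:reactor-netty-http:jar:1.0.33:compile
[INFO] \- org.slf4j:slf4j-api:jar:0.0.0:compile
"""

# Constructed sample: the dependency is declared explicitly at the patched version.
SAMPLE_AFTER = r"""
[INFO] org.example:app:jar:0.0.1
[INFO] +- com.azure:azure-identity:jar:1.10.0:compile
[INFO] \- io.projectreactor.netty:reactor-netty-http:jar:1.0.39:compile
"""

if __name__ == "__main__":
    for version, path in find_below_minimum(SAMPLE_BEFORE):
        print(f"below 1.0.39: {version} via {path}")
```

Run against the real tree output in CI, a non-empty result means some path still resolves the older version and the pin did not take effect.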