Skip to content

Commit d7d021e

Browse files
chglrenovate[bot]
andauthoredJan 14, 2024
chore(deps): aggregated dep updates (#125)
* chore(deps): update quay.io/keycloak/keycloak docker tag to v23 * chore(deps): update github-actions * chore(deps): update github-actions * chore(deps): update all non-major dependencies * chore(deps): update docker.io/library/postgres docker tag to v16 * ci: fail trivy only on high+critical * chore: updated snapshot name to work with latest verify * ci: dont verify base image signature --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent be90e7b commit d7d021e

26 files changed

+196
-189
lines changed
 

‎.config/dotnet-tools.json

+1-1
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
"isRoot": true,
44
"tools": {
55
"csharpier": {
6-
"version": "0.26.3",
6+
"version": "0.26.7",
77
"commands": ["dotnet-csharpier"]
88
},
99
"dotnet-outdated-tool": {

‎.gitattributes

+1-1
Original file line numberDiff line numberDiff line change
@@ -3,4 +3,4 @@
33
*.shellcheckrc text eol=lf
44
*Dockerfile text eol=lf
55

6-
*.verified.fhir.json text eol=lf working-tree-encoding=UTF-8
6+
*.verified.json text eol=lf working-tree-encoding=UTF-8

‎.github/workflows/chaos.yaml

+3-3
Original file line numberDiff line numberDiff line change
@@ -15,12 +15,12 @@ jobs:
1515
runs-on: ubuntu-22.04
1616
steps:
1717
- name: Checkout
18-
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
18+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
1919
with:
2020
fetch-depth: 0
2121

2222
- name: Set up Docker Buildx
23-
uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2
23+
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
2424

2525
- name: Install Task
2626
uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1.0.3
@@ -38,7 +38,7 @@ jobs:
3838
3939
- name: Upload cluster dump
4040
if: always()
41-
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
41+
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
4242
with:
4343
name: kind-cluster-dump.txt
4444
path: |

‎.github/workflows/ci.yaml

+14-13
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ permissions: read-all
1212

1313
jobs:
1414
build:
15-
uses: miracum/.github/.github/workflows/standard-build.yaml@1dd4350bc909156d8af0f1997efcb0f3225dad85 # v1.1.0
15+
uses: miracum/.github/.github/workflows/standard-build.yaml@99ea726a6aea9d5e055cadc81cd46527ea6c8d83 # v1.5.4
1616
permissions:
1717
contents: read
1818
id-token: write
@@ -35,15 +35,15 @@ jobs:
3535
pull-requests: write
3636
steps:
3737
- name: "Checkout code"
38-
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
38+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
3939
with:
4040
persist-credentials: false
4141

4242
- name: Download image
43-
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
43+
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
4444
if: ${{ github.event_name == 'pull_request' }}
4545
with:
46-
name: container-image
46+
name: ${{ needs.build.outputs.image-slug }}
4747
path: /tmp
4848

4949
- name: Load image
@@ -54,9 +54,9 @@ jobs:
5454
docker image ls
5555
5656
- name: Download test image
57-
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
57+
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
5858
with:
59-
name: test-image
59+
name: ${{ needs.build.outputs.image-slug }}-test
6060
path: /tmp
6161

6262
- name: Load test image
@@ -103,7 +103,7 @@ jobs:
103103
pull-requests: write
104104
steps:
105105
- name: Checkout
106-
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
106+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
107107

108108
- name: install iter8 cli
109109
env:
@@ -120,9 +120,9 @@ jobs:
120120
cluster_name: kind
121121

122122
- name: Download image
123-
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
123+
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
124124
with:
125-
name: container-image
125+
name: ${{ needs.build.outputs.image-slug }}
126126
path: /tmp
127127

128128
- name: Load image into KinD
@@ -179,7 +179,7 @@ jobs:
179179

180180
- name: Upload report
181181
if: always()
182-
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
182+
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
183183
with:
184184
name: iter8-report.html
185185
path: |
@@ -193,14 +193,14 @@ jobs:
193193
194194
- name: Upload cluster dump
195195
if: always()
196-
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
196+
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
197197
with:
198198
name: kind-cluster-dump.txt
199199
path: |
200200
kind-cluster-dump.txt
201201
202202
lint:
203-
uses: miracum/.github/.github/workflows/standard-lint.yaml@1dd4350bc909156d8af0f1997efcb0f3225dad85 # v1.1.0
203+
uses: miracum/.github/.github/workflows/standard-lint.yaml@99ea726a6aea9d5e055cadc81cd46527ea6c8d83 # v1.5.4
204204
permissions:
205205
contents: read
206206
pull-requests: write
@@ -211,11 +211,12 @@ jobs:
211211
enable-validate-gradle-wrapper: false
212212
codeql-languages: '["csharp"]'
213213
enable-codeql: true
214+
enable-verify-base-image-signature: false
214215
secrets:
215216
github-token: ${{ secrets.GITHUB_TOKEN }}
216217

217218
release:
218-
uses: miracum/.github/.github/workflows/standard-release.yaml@1dd4350bc909156d8af0f1997efcb0f3225dad85 # v1.1.0
219+
uses: miracum/.github/.github/workflows/standard-release.yaml@99ea726a6aea9d5e055cadc81cd46527ea6c8d83 # v1.5.4
219220
needs:
220221
- build
221222
- test

‎.github/workflows/schedule.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ permissions: read-all
1010

1111
jobs:
1212
schedule:
13-
uses: miracum/.github/.github/workflows/standard-schedule.yaml@1dd4350bc909156d8af0f1997efcb0f3225dad85 # v1.1.0
13+
uses: miracum/.github/.github/workflows/standard-schedule.yaml@99ea726a6aea9d5e055cadc81cd46527ea6c8d83 # v1.5.4
1414
permissions:
1515
contents: read
1616
issues: write

‎.github/workflows/scorecards.yaml

+4-4
Original file line numberDiff line numberDiff line change
@@ -33,12 +33,12 @@ jobs:
3333

3434
steps:
3535
- name: "Checkout code"
36-
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
36+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
3737
with:
3838
persist-credentials: false
3939

4040
- name: "Run analysis"
41-
uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
41+
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
4242
with:
4343
results_file: results.sarif
4444
results_format: sarif
@@ -60,14 +60,14 @@ jobs:
6060
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
6161
# format to the repository Actions tab.
6262
- name: "Upload artifact"
63-
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
63+
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
6464
with:
6565
name: SARIF file
6666
path: results.sarif
6767
retention-days: 5
6868

6969
# Upload the results to GitHub's code scanning dashboard.
7070
- name: "Upload to code-scanning"
71-
uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
71+
uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
7272
with:
7373
sarif_file: results.sarif

‎.mega-linter.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ BASH_SHFMT_ARGUMENTS:
2323
- "--indent=2"
2424

2525
REPOSITORY_TRIVY_ARGUMENTS:
26-
- "--severity=MEDIUM,HIGH,CRITICAL"
26+
- "--severity=HIGH,CRITICAL"
2727

2828
REPOSITORY_CHECKOV_ARGUMENTS:
2929
- "--skip-path=tests/iter8"

‎.releaserc.json

+2-2
Original file line numberDiff line numberDiff line change
@@ -60,8 +60,8 @@
6060
},
6161
{
6262
"files": ["Dockerfile"],
63-
"from": "VERSION=.*",
64-
"to": "VERSION=${nextRelease.version}",
63+
"from": "ARG VERSION=.*",
64+
"to": "ARG VERSION=${nextRelease.version}",
6565
"results": [
6666
{
6767
"file": "Dockerfile",

‎Dockerfile

+3-3
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,14 @@
11
# kics false positive "Missing User Instruction": <https://docs.kics.io/latest/queries/dockerfile-queries/fd54f200-402c-4333-a5a4-36ef6709af2f/>
22
# kics-scan ignore-line
3-
FROM mcr.microsoft.com/dotnet/aspnet:8.0.0-jammy-chiseled@sha256:2f9b3da0c3de6b0db88a0f53356dd7022ce983609a3255aeefaf617c5ed32fa7 AS runtime
3+
FROM mcr.microsoft.com/dotnet/aspnet:8.0.1-jammy-chiseled@sha256:fd65dd3a9fef62b12873e1f3db1d0cf4bffd3984c1656971a2bfcaab14224b67 AS runtime
44
WORKDIR /opt/fhir-pseudonymizer
55
EXPOSE 8080/tcp 8081/tcp
66
USER 65532:65532
77
ENV ASPNETCORE_ENVIRONMENT="Production" \
88
DOTNET_CLI_TELEMETRY_OPTOUT=1 \
99
ASPNETCORE_URLS="http://*:8080"
1010

11-
FROM mcr.microsoft.com/dotnet/sdk:8.0.100-jammy@sha256:7aacf0debfa3c612176a76c7d0be817e588b7cb5ca8f74e20484bb66e6ef1f79 AS build
11+
FROM mcr.microsoft.com/dotnet/sdk:8.0.101-jammy@sha256:76ef2395f453da03a90be9a9643cf75da3365503c9cde7bde7a98bee8f61900f AS build
1212
ENV DOTNET_CLI_TELEMETRY_OPTOUT=1
1313
WORKDIR /build
1414
COPY src/Directory.Build.props .
@@ -57,7 +57,7 @@ WORKDIR /opt/fhir-pseudonymizer-stress
5757

5858
# https://github.com/hadolint/hadolint/pull/815 isn't yet in mega-linter
5959
# hadolint ignore=DL3022
60-
COPY --from=docker.io/bitnami/kubectl:1.28.3@sha256:0defec793112fa610a850a991ed4ad849c853c54fb2136b95bcdf41ff6f96c38 /opt/bitnami/kubectl/bin/kubectl /usr/bin/kubectl
60+
COPY --from=docker.io/bitnami/kubectl:1.29.0@sha256:121fa926a1304f34439082df44b0bdbe6eee583760abd2ae67949a2987322fe9 /opt/bitnami/kubectl/bin/kubectl /usr/bin/kubectl
6161

6262
COPY tests/chaos/chaos.yaml /tmp/
6363
COPY --from=build-stress-test /build/publish .

‎compose.dev.yaml

+4-4
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
services:
22
jaeger:
3-
image: docker.io/jaegertracing/all-in-one:1.50@sha256:d589499a01e1e2f9d302db8e210af09688076fd8a93278fa024824a755c1a0f1
3+
image: docker.io/jaegertracing/all-in-one:1.53@sha256:60e65bfffe1f66aee96d6fc8b6bf65afd42016be5dcc09d2e15d8462f7d9409c
44
restart: unless-stopped
55
deploy:
66
resources:
@@ -21,7 +21,7 @@ services:
2121
- "127.0.0.1:16686:16686"
2222

2323
vfps-db:
24-
image: docker.io/library/postgres:15.4@sha256:d1168ad5397bf9c94cc417c530469805a8767ed585481d93f174461ac8557e3a
24+
image: docker.io/library/postgres:16.1@sha256:49c276fa02e3d61bd9b8db81dfb4784fe814f50f778dce5980a03817438293e3
2525
restart: unless-stopped
2626
deploy:
2727
resources:
@@ -41,7 +41,7 @@ services:
4141
POSTGRES_DB: vfps
4242

4343
vfps:
44-
image: ghcr.io/miracum/vfps:v1.3.0@sha256:16d723600764eeebb49c88c4bfdf2bd7f84e3d5f9602c25b307bf52cf50e7e37
44+
image: ghcr.io/miracum/vfps:v1.3.2@sha256:3f53189024ab609b3b25f08b8270f9880a2d710d68e46d2d7a5e6258085de3d4
4545
restart: unless-stopped
4646
deploy:
4747
resources:
@@ -101,7 +101,7 @@ services:
101101
- ./hack/mocks:/config:ro
102102

103103
keycloak:
104-
image: quay.io/keycloak/keycloak:22.0.5@sha256:bfa8852e52c279f0857fe8da239c0ad6bbd2cc07793a28a6770f7e24c1e25444
104+
image: quay.io/keycloak/keycloak:23.0.4@sha256:4281aa5007b370de736969d991e0b63b45c389319f08948e834418b950c07155
105105
restart: unless-stopped
106106
profiles:
107107
- keycloak

‎src/FhirPseudonymizer.StressTests/FhirPseudonymizer.StressTests.csproj

+3-3
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,11 @@
66
</PropertyGroup>
77

88
<ItemGroup>
9-
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.0" />
9+
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.1" />
1010
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
1111
<PackageReference Include="NBomber.Http" Version="5.0.1" />
12-
<PackageReference Include="xunit" Version="2.6.2" />
13-
<PackageReference Include="xunit.runner.visualstudio" Version="2.5.4">
12+
<PackageReference Include="xunit" Version="2.6.5" />
13+
<PackageReference Include="xunit.runner.visualstudio" Version="2.5.6">
1414
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
1515
<PrivateAssets>all</PrivateAssets>
1616
</PackageReference>

‎src/FhirPseudonymizer.Tests/FhirPseudonymizer.Tests.csproj

+5-5
Original file line numberDiff line numberDiff line change
@@ -7,13 +7,13 @@
77

88
<ItemGroup>
99
<PackageReference Include="coverlet.msbuild" Version="6.0.0" />
10-
<PackageReference Include="FakeItEasy" Version="8.0.0" />
10+
<PackageReference Include="FakeItEasy" Version="8.1.0" />
1111
<PackageReference Include="FluentAssertions" Version="6.12.0" />
12-
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.0" />
12+
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.1" />
1313
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
14-
<PackageReference Include="Verify.Xunit" Version="22.8.0" />
15-
<PackageReference Include="xunit" Version="2.6.2" />
16-
<PackageReference Include="xunit.runner.visualstudio" Version="2.5.4">
14+
<PackageReference Include="Verify.Xunit" Version="22.11.5" />
15+
<PackageReference Include="xunit" Version="2.6.5" />
16+
<PackageReference Include="xunit.runner.visualstudio" Version="2.5.6">
1717
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
1818
<PrivateAssets>all</PrivateAssets>
1919
</PackageReference>

‎src/FhirPseudonymizer.Tests/IntegrationTests.cs

+2-2
Original file line numberDiff line numberDiff line change
@@ -228,7 +228,7 @@ public async Task PostDeIdentify_WithCryptoHashKeySetViaAppSettingsConfig_Should
228228
var parameters = new Parameters().Add("resource", input);
229229
var response = await fhirClient.WholeSystemOperationAsync("de-identify", parameters);
230230

231-
await Verify(response.ToJson(new() { Pretty = true }), "fhir.json")
231+
await Verify(response.ToJson(new() { Pretty = true }), "json")
232232
.UseDirectory("Snapshots");
233233
}
234234

@@ -271,7 +271,7 @@ public async Task PostDeIdentify_WithShouldAddSecurityTagSetToFalse_ShouldNotAdd
271271
var parameters = new Parameters().Add("resource", input);
272272
var response = await fhirClient.WholeSystemOperationAsync("de-identify", parameters);
273273

274-
await Verify(response.ToJson(new() { Pretty = true }), "fhir.json")
274+
await Verify(response.ToJson(new() { Pretty = true }), "json")
275275
.UseDirectory("Snapshots");
276276
}
277277
}

‎src/FhirPseudonymizer.Tests/SnapshotTests.cs

+1-1
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,6 @@ string resourcePath
6363
$"{Path.GetFileNameWithoutExtension(anonymizationConfigFilePath)}-{Path.GetFileNameWithoutExtension(resourcePath)}"
6464
);
6565

66-
await Verify(json, "fhir.json", settings);
66+
await Verify(json, "json", settings);
6767
}
6868
}

‎src/FhirPseudonymizer/FhirPseudonymizer.csproj

+17-17
Original file line numberDiff line numberDiff line change
@@ -7,35 +7,35 @@
77
</PropertyGroup>
88

99
<ItemGroup>
10-
<PackageReference Include="Duende.AccessTokenManagement" Version="2.0.3" />
10+
<PackageReference Include="Duende.AccessTokenManagement" Version="2.1.0" />
1111
<PackageReference Include="AspNetCore.Authentication.ApiKey" Version="8.0.0" />
1212
<PackageReference Include="FhirParametersGenerator" Version="0.5.0" />
13-
<PackageReference Include="Google.Protobuf" Version="3.25.1" />
14-
<PackageReference Include="Grpc.Net.Client" Version="2.59.0" />
15-
<PackageReference Include="Grpc.Net.ClientFactory" Version="2.59.0" />
16-
<PackageReference Include="Grpc.Tools" Version="2.59.0">
13+
<PackageReference Include="Google.Protobuf" Version="3.25.2" />
14+
<PackageReference Include="Grpc.Net.Client" Version="2.60.0" />
15+
<PackageReference Include="Grpc.Net.ClientFactory" Version="2.60.0" />
16+
<PackageReference Include="Grpc.Tools" Version="2.60.0">
1717
<PrivateAssets>all</PrivateAssets>
1818
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
1919
</PackageReference>
20-
<PackageReference Include="Hl7.Fhir.R4" Version="5.4.0" />
21-
<PackageReference Include="Hl7.Fhir.Base" Version="5.4.0" />
22-
<PackageReference Include="prometheus-net.AspNetCore" Version="8.2.0" />
23-
<PackageReference Include="prometheus-net" Version="8.2.0" />
24-
<PackageReference Include="prometheus-net.AspNetCore.Grpc" Version="8.2.0" />
25-
<PackageReference Include="prometheus-net.AspNetCore.HealthChecks" Version="8.2.0" />
20+
<PackageReference Include="Hl7.Fhir.R4" Version="5.5.0" />
21+
<PackageReference Include="Hl7.Fhir.Base" Version="5.5.0" />
22+
<PackageReference Include="prometheus-net.AspNetCore" Version="8.2.1" />
23+
<PackageReference Include="prometheus-net" Version="8.2.1" />
24+
<PackageReference Include="prometheus-net.AspNetCore.Grpc" Version="8.2.1" />
25+
<PackageReference Include="prometheus-net.AspNetCore.HealthChecks" Version="8.2.1" />
2626
<PackageReference Include="Semver" Version="3.0.0-beta.1" />
2727
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
28-
<PackageReference Include="Microsoft.Extensions.Http.Polly" Version="8.0.0" />
28+
<PackageReference Include="Microsoft.Extensions.Http.Polly" Version="8.0.1" />
2929
<PackageReference Include="Ensure.That" Version="10.1.0" />
3030
<PackageReference Include="MathNet.Numerics" Version="5.0.0" />
3131
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
32-
<PackageReference Include="OpenTelemetry" Version="1.6.0" />
32+
<PackageReference Include="OpenTelemetry" Version="1.7.0" />
3333
<PackageReference Include="OpenTelemetry.Exporter.Jaeger" Version="1.5.1" />
34-
<PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.6.0" />
35-
<PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.6.0" />
34+
<PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.7.0" />
35+
<PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.7.0" />
3636
<PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.6.0-beta.3" />
37-
<PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.6.0-rc.1" />
38-
<PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.6.0-rc.1" />
37+
<PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.7.0" />
38+
<PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.7.0" />
3939
<PackageReference Include="YamlDotNet" Version="13.7.1" />
4040
</ItemGroup>
4141

‎src/FhirPseudonymizer/packages.lock.json

+134-128
Large diffs are not rendered by default.

0 commit comments

Comments
 (0)
Please sign in to comment.