sonarqube-10/10.6.0.92116-r0: fix GHSA-xfrj-6vvc-3xm2/GHSA-gvpg-vgmx-…

…xg6w/GHSA-8xfc-gm6g-vgpv/GHSA-5jpm-x58v-624v/GHSA-v435-xc8x-wvr9/GHSA-4q22-422g-m4pj/GHSA-493p-pfq6-5258/GHSA-3f7h-mf4q-vrm4/
wolfi-dev · Sep 20, 2024 · c8cdddb · c8cdddb
1 parent 0cc3a54
commit c8cdddb
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/sonarqube-10.yaml b/sonarqube-10.yaml
@@ -1,7 +1,7 @@
 package:
   name: sonarqube-10
   version: 10.6.0.92116
-  epoch: 0
+  epoch: 1
   description: SonarQube is an open source platform for continuous inspection of code quality
   copyright:
     - license: LGPL-3.0-or-later
@@ -40,6 +40,8 @@ pipeline:
       tag: ${{package.version}}
       expected-commit: 37e0ed33d0d419ec8f366490f64a427e24827886
 
+  - uses: maven/pombump
+
   - name: build
     runs: |
       ./gradlew build -x test -DbuildNumber=${{vars.build-number}} # skipping tests as some tests fail, seemingly due to filesystem particularities

diff --git a/sonarqube-10/pombump-deps.yaml b/sonarqube-10/pombump-deps.yaml
@@ -0,0 +1,25 @@
+patches:
+    - groupId: com.fasterxml.woodstox
+      artifactId: woodstox-core
+      version: 5.4.0
+    - groupId: net.minidev
+      artifactId: json-smart
+      version: 2.4.9
+    - groupId: org.elasticsearch
+      artifactId: elasticsearch
+      version: 8.14.0
+    - groupId: org.bouncycastle
+      artifactId: bcprov-jdk18on
+      version: "1.78"
+    - groupId: io.netty
+      artifactId: netty-codec-http
+      version: 4.1.108.Final
+    - groupId: org.bouncycastle
+      artifactId: bc-fips
+      version: 1.0.2.5
+    - groupId: com.nimbusds
+      artifactId: nimbus-jose-jwt
+      version: 9.37.2
+    - groupId: org.apache.santuario
+      artifactId: xmlsec
+      version: 2.2.6