From 80e6415d59eca38e43766994e8c6eac1c898e677 Mon Sep 17 00:00:00 2001 From: Ruairidh MacLeod Date: Wed, 20 Nov 2024 13:31:40 +0000 Subject: [PATCH 1/8] add dotnet-sdk to dependabot config --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e45d8a518..afaea1c55 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -20,3 +20,9 @@ updates: interval: weekly reviewers: - SMI/reviewers + - package-ecosystem: "dotnet-sdk" + directory: "/" + schedule: + interval: weekly + reviewers: + - SMI/reviewers From d55467f4bbd88a599988eb02f2c5257358aa13ba Mon Sep 17 00:00:00 2001 From: Ruairidh MacLeod Date: Wed, 20 Nov 2024 13:33:06 +0000 Subject: [PATCH 2/8] Create 2007-meta.md --- news/2007-meta.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 news/2007-meta.md diff --git a/news/2007-meta.md b/news/2007-meta.md new file mode 100644 index 000000000..711a48967 --- /dev/null +++ b/news/2007-meta.md @@ -0,0 +1 @@ +Enable Dependabot updates for dotnet-sdk From b6a899268b4a4625d4e726415faaab917300da31 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:46:23 +0000 Subject: [PATCH 3/8] Bump codecov/codecov-action from 5.0.2 to 5.0.4 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.0.2 to 5.0.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5.0.2...v5.0.4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8640b7790..3468fa3dd 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -101,7 +101,7 @@ jobs: "$cov" - name: upload coverage to codecov if: ${{ matrix.os == 'linux' }} - uses: codecov/codecov-action@v5.0.2 + uses: codecov/codecov-action@v5.0.4 with: token: ${{ secrets.CODECOV_TOKEN }} directory: coverage/ From 41a680a1cbaf9770e469f2fd5cbfe399878c186b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:46:26 +0000 Subject: [PATCH 4/8] Bump com.rabbitmq:amqp-client Bumps [com.rabbitmq:amqp-client](https://github.com/rabbitmq/rabbitmq-java-client) from 5.22.0 to 5.23.0. - [Release notes](https://github.com/rabbitmq/rabbitmq-java-client/releases) - [Commits](https://github.com/rabbitmq/rabbitmq-java-client/compare/v5.22.0...v5.23.0) --- updated-dependencies: - dependency-name: com.rabbitmq:amqp-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- src/common/com.smi.microservices.parent/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/com.smi.microservices.parent/pom.xml b/src/common/com.smi.microservices.parent/pom.xml index 1cb155dac..3cd1a1e3d 100644 --- a/src/common/com.smi.microservices.parent/pom.xml +++ b/src/common/com.smi.microservices.parent/pom.xml @@ -153,7 +153,7 @@ com.rabbitmq amqp-client - 5.22.0 + 5.23.0 From 7e143bb03685f072aa774acb91ae9be87fe94e53 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:47:53 +0000 Subject: [PATCH 5/8] Bump Microsoft.CodeCoverage from 17.11.1 to 17.12.0 Bumps [Microsoft.CodeCoverage](https://github.com/microsoft/vstest) from 17.11.1 to 17.12.0. - [Release notes](https://github.com/microsoft/vstest/releases) - [Changelog](https://github.com/microsoft/vstest/blob/main/docs/releases.md) - [Commits](https://github.com/microsoft/vstest/compare/v17.11.1...v17.12.0) --- updated-dependencies: - dependency-name: Microsoft.CodeCoverage dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Directory.Packages.props | 2 +- tests/SmiServices.IntegrationTests/packages.lock.json | 8 ++++---- tests/SmiServices.UnitTests/packages.lock.json | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index fa002c320..3dddfe182 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -33,7 +33,7 @@ - + diff --git a/tests/SmiServices.IntegrationTests/packages.lock.json b/tests/SmiServices.IntegrationTests/packages.lock.json index 947d28907..71e46822d 100644 --- a/tests/SmiServices.IntegrationTests/packages.lock.json +++ b/tests/SmiServices.IntegrationTests/packages.lock.json @@ -28,9 +28,9 @@ }, "Microsoft.CodeCoverage": { "type": "Direct", - "requested": "[17.11.1, )", - "resolved": "17.11.1", - "contentHash": "nPJqrcA5iX+Y0kqoT3a+pD/8lrW/V7ayqnEJQsTonSoPz59J8bmoQhcSN4G8+UJ64Hkuf0zuxnfuj2lkHOq4cA==" + "requested": "[17.12.0, )", + "resolved": "17.12.0", + "contentHash": "4svMznBd5JM21JIG2xZKGNanAHNXplxf/kQDFfLHXQ3OnpJkayRK/TjacFjA+EYmoyuNXHo/sOETEfcYtAzIrA==" }, "Microsoft.NET.Test.Sdk": { "type": "Direct", @@ -913,7 +913,7 @@ "dependencies": { "HIC.BadMedicine.Dicom": "[0.1.1, )", "HIC.RDMP.Plugin.Test": "[8.3.0, )", - "Microsoft.CodeCoverage": "[17.11.1, )", + "Microsoft.CodeCoverage": "[17.12.0, )", "Microsoft.NET.Test.Sdk": "[17.11.1, )", "Moq": "[4.20.72, )", "NLog": "[5.3.4, )", diff --git a/tests/SmiServices.UnitTests/packages.lock.json b/tests/SmiServices.UnitTests/packages.lock.json index 4acdd0416..5286d0a4b 100644 --- a/tests/SmiServices.UnitTests/packages.lock.json +++ b/tests/SmiServices.UnitTests/packages.lock.json @@ -28,9 +28,9 @@ }, "Microsoft.CodeCoverage": { "type": "Direct", - "requested": "[17.11.1, )", - "resolved": "17.11.1", - "contentHash": "nPJqrcA5iX+Y0kqoT3a+pD/8lrW/V7ayqnEJQsTonSoPz59J8bmoQhcSN4G8+UJ64Hkuf0zuxnfuj2lkHOq4cA==" + "requested": "[17.12.0, )", + "resolved": "17.12.0", + "contentHash": "4svMznBd5JM21JIG2xZKGNanAHNXplxf/kQDFfLHXQ3OnpJkayRK/TjacFjA+EYmoyuNXHo/sOETEfcYtAzIrA==" }, "Microsoft.NET.Test.Sdk": { "type": "Direct", From 81eb91a41af7c0a7fa048322d46ef2e1687eacec Mon Sep 17 00:00:00 2001 From: Ruairidh MacLeod Date: Wed, 20 Nov 2024 14:23:18 +0000 Subject: [PATCH 6/8] add dependency on System.Private.Uri to resolve CVE This was surfaced when attempting to upgrade to .NET 9 SDK. See https://github.com/dotnet/announcements/issues/113 --- Directory.Packages.props | 1 + src/SmiServices/SmiServices.csproj | 1 + src/SmiServices/packages.lock.json | 69 +++++++++--------- .../packages.lock.json | 70 ++++++++++--------- .../SmiServices.UnitTests/packages.lock.json | 70 ++++++++++--------- 5 files changed, 112 insertions(+), 99 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index 3dddfe182..c88a0bf65 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -28,6 +28,7 @@ + diff --git a/src/SmiServices/SmiServices.csproj b/src/SmiServices/SmiServices.csproj index 83bc82d52..90a27eccb 100644 --- a/src/SmiServices/SmiServices.csproj +++ b/src/SmiServices/SmiServices.csproj @@ -25,6 +25,7 @@ + diff --git a/src/SmiServices/packages.lock.json b/src/SmiServices/packages.lock.json index 53c4e2e87..93e9bf137 100644 --- a/src/SmiServices/packages.lock.json +++ b/src/SmiServices/packages.lock.json @@ -217,6 +217,16 @@ "TestableIO.System.IO.Abstractions.Wrappers": "21.1.3" } }, + "System.Private.Uri": { + "type": "Direct", + "requested": "[4.3.2, )", + "resolved": "4.3.2", + "contentHash": "o1+7RJnu3Ik3PazR7Z7tJhjPdE000Eq2KGLLWhqJJKXj04wrS8lwb1OFtDF9jzXXADhUuZNJZlPc98uwwqmpFA==", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3" + } + }, "YamlDotNet": { "type": "Direct", "requested": "[16.2.0, )", @@ -569,13 +579,13 @@ }, "Microsoft.NETCore.Platforms": { "type": "Transitive", - "resolved": "1.1.0", - "contentHash": "kz0PEW2lhqygehI/d6XsPCQzD7ff7gUJaVGPVETX611eadGsA3A877GdSlU0LRVMCTH/+P3o2iDTak+S08V2+A==" + "resolved": "1.1.1", + "contentHash": "TMBuzAHpTenGbGgk0SMTwyEkyijY/Eae4ZGsFNYJvAr/LDn1ku3Etp3FPxChmDp5HHF3kzJuoaa08N0xjqAJfQ==" }, "Microsoft.NETCore.Targets": { "type": "Transitive", - "resolved": "1.1.0", - "contentHash": "aOZA3BWfz9RXjpzt0sRJJMjAscAUm3Hoa4UWAfceV9UTYxgwZ1lZt5nO2myFf+/jetYQo4uTP7zS8sJY67BBxg==" + "resolved": "1.1.3", + "contentHash": "3Wrmi0kJDzClwAC+iBdUBpEKmEle8FQNsCs77fkiOIw/9oYA07bL1EZNX0kQ2OMN3xpwvl0vAtOCYY3ndDNlhQ==" }, "Microsoft.SqlServer.Server": { "type": "Transitive", @@ -1037,6 +1047,17 @@ } }, "net8.0/linux-x64": { + "System.Private.Uri": { + "type": "Direct", + "requested": "[4.3.2, )", + "resolved": "4.3.2", + "contentHash": "o1+7RJnu3Ik3PazR7Z7tJhjPdE000Eq2KGLLWhqJJKXj04wrS8lwb1OFtDF9jzXXADhUuZNJZlPc98uwwqmpFA==", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3", + "runtime.unix.System.Private.Uri": "4.3.0" + } + }, "Magick.NET-Q16-AnyCPU": { "type": "Transitive", "resolved": "13.9.1", @@ -1336,16 +1357,6 @@ "System.CodeDom": "8.0.0" } }, - "System.Private.Uri": { - "type": "Transitive", - "resolved": "4.3.0", - "contentHash": "I4SwANiUGho1esj4V4oSlPllXjzCZDE+5XXso2P03LW2vOda2Enzh8DWOxwN6hnrJyp314c7KuVu31QYhRzOGg==", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "runtime.unix.System.Private.Uri": "4.3.0" - } - }, "System.Reflection": { "type": "Transitive", "resolved": "4.3.0", @@ -1535,6 +1546,17 @@ } }, "net8.0/osx-arm64": { + "System.Private.Uri": { + "type": "Direct", + "requested": "[4.3.2, )", + "resolved": "4.3.2", + "contentHash": "o1+7RJnu3Ik3PazR7Z7tJhjPdE000Eq2KGLLWhqJJKXj04wrS8lwb1OFtDF9jzXXADhUuZNJZlPc98uwwqmpFA==", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3", + "runtime.unix.System.Private.Uri": "4.3.0" + } + }, "Magick.NET-Q16-AnyCPU": { "type": "Transitive", "resolved": "13.9.1", @@ -1834,16 +1856,6 @@ "System.CodeDom": "8.0.0" } }, - "System.Private.Uri": { - "type": "Transitive", - "resolved": "4.3.0", - "contentHash": "I4SwANiUGho1esj4V4oSlPllXjzCZDE+5XXso2P03LW2vOda2Enzh8DWOxwN6hnrJyp314c7KuVu31QYhRzOGg==", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "runtime.unix.System.Private.Uri": "4.3.0" - } - }, "System.Reflection": { "type": "Transitive", "resolved": "4.3.0", @@ -2243,15 +2255,6 @@ "System.CodeDom": "8.0.0" } }, - "System.Private.Uri": { - "type": "Transitive", - "resolved": "4.3.0", - "contentHash": "I4SwANiUGho1esj4V4oSlPllXjzCZDE+5XXso2P03LW2vOda2Enzh8DWOxwN6hnrJyp314c7KuVu31QYhRzOGg==", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0" - } - }, "System.Reflection": { "type": "Transitive", "resolved": "4.3.0", diff --git a/tests/SmiServices.IntegrationTests/packages.lock.json b/tests/SmiServices.IntegrationTests/packages.lock.json index 71e46822d..616ed3a42 100644 --- a/tests/SmiServices.IntegrationTests/packages.lock.json +++ b/tests/SmiServices.IntegrationTests/packages.lock.json @@ -444,13 +444,13 @@ }, "Microsoft.NETCore.Platforms": { "type": "Transitive", - "resolved": "1.1.0", - "contentHash": "kz0PEW2lhqygehI/d6XsPCQzD7ff7gUJaVGPVETX611eadGsA3A877GdSlU0LRVMCTH/+P3o2iDTak+S08V2+A==" + "resolved": "1.1.1", + "contentHash": "TMBuzAHpTenGbGgk0SMTwyEkyijY/Eae4ZGsFNYJvAr/LDn1ku3Etp3FPxChmDp5HHF3kzJuoaa08N0xjqAJfQ==" }, "Microsoft.NETCore.Targets": { "type": "Transitive", - "resolved": "1.1.0", - "contentHash": "aOZA3BWfz9RXjpzt0sRJJMjAscAUm3Hoa4UWAfceV9UTYxgwZ1lZt5nO2myFf+/jetYQo4uTP7zS8sJY67BBxg==" + "resolved": "1.1.3", + "contentHash": "3Wrmi0kJDzClwAC+iBdUBpEKmEle8FQNsCs77fkiOIw/9oYA07bL1EZNX0kQ2OMN3xpwvl0vAtOCYY3ndDNlhQ==" }, "Microsoft.SqlServer.Server": { "type": "Transitive", @@ -905,6 +905,7 @@ "RabbitMQ.Client": "[6.8.1, )", "StackExchange.Redis": "[2.8.16, )", "System.IO.Abstractions": "[21.1.3, )", + "System.Private.Uri": "[4.3.2, )", "YamlDotNet": "[16.2.0, )" } }, @@ -1183,6 +1184,16 @@ "System.Threading.Tasks": "4.3.0" } }, + "System.Private.Uri": { + "type": "CentralTransitive", + "requested": "[4.3.2, )", + "resolved": "4.3.2", + "contentHash": "o1+7RJnu3Ik3PazR7Z7tJhjPdE000Eq2KGLLWhqJJKXj04wrS8lwb1OFtDF9jzXXADhUuZNJZlPc98uwwqmpFA==", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3" + } + }, "Terminal.Gui": { "type": "CentralTransitive", "requested": "[1.17.1, )", @@ -1500,16 +1511,6 @@ "System.CodeDom": "8.0.0" } }, - "System.Private.Uri": { - "type": "Transitive", - "resolved": "4.3.0", - "contentHash": "I4SwANiUGho1esj4V4oSlPllXjzCZDE+5XXso2P03LW2vOda2Enzh8DWOxwN6hnrJyp314c7KuVu31QYhRzOGg==", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "runtime.unix.System.Private.Uri": "4.3.0" - } - }, "System.Reflection": { "type": "Transitive", "resolved": "4.3.0", @@ -1696,6 +1697,17 @@ "System.Threading.Tasks": "4.3.0", "runtime.unix.System.IO.FileSystem": "4.3.0" } + }, + "System.Private.Uri": { + "type": "CentralTransitive", + "requested": "[4.3.2, )", + "resolved": "4.3.2", + "contentHash": "o1+7RJnu3Ik3PazR7Z7tJhjPdE000Eq2KGLLWhqJJKXj04wrS8lwb1OFtDF9jzXXADhUuZNJZlPc98uwwqmpFA==", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3", + "runtime.unix.System.Private.Uri": "4.3.0" + } } }, "net8.0/osx-arm64": { @@ -1998,16 +2010,6 @@ "System.CodeDom": "8.0.0" } }, - "System.Private.Uri": { - "type": "Transitive", - "resolved": "4.3.0", - "contentHash": "I4SwANiUGho1esj4V4oSlPllXjzCZDE+5XXso2P03LW2vOda2Enzh8DWOxwN6hnrJyp314c7KuVu31QYhRzOGg==", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "runtime.unix.System.Private.Uri": "4.3.0" - } - }, "System.Reflection": { "type": "Transitive", "resolved": "4.3.0", @@ -2194,6 +2196,17 @@ "System.Threading.Tasks": "4.3.0", "runtime.unix.System.IO.FileSystem": "4.3.0" } + }, + "System.Private.Uri": { + "type": "CentralTransitive", + "requested": "[4.3.2, )", + "resolved": "4.3.2", + "contentHash": "o1+7RJnu3Ik3PazR7Z7tJhjPdE000Eq2KGLLWhqJJKXj04wrS8lwb1OFtDF9jzXXADhUuZNJZlPc98uwwqmpFA==", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3", + "runtime.unix.System.Private.Uri": "4.3.0" + } } }, "net8.0/win-x64": { @@ -2407,15 +2420,6 @@ "System.CodeDom": "8.0.0" } }, - "System.Private.Uri": { - "type": "Transitive", - "resolved": "4.3.0", - "contentHash": "I4SwANiUGho1esj4V4oSlPllXjzCZDE+5XXso2P03LW2vOda2Enzh8DWOxwN6hnrJyp314c7KuVu31QYhRzOGg==", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0" - } - }, "System.Reflection": { "type": "Transitive", "resolved": "4.3.0", diff --git a/tests/SmiServices.UnitTests/packages.lock.json b/tests/SmiServices.UnitTests/packages.lock.json index 5286d0a4b..e7a1d0780 100644 --- a/tests/SmiServices.UnitTests/packages.lock.json +++ b/tests/SmiServices.UnitTests/packages.lock.json @@ -444,13 +444,13 @@ }, "Microsoft.NETCore.Platforms": { "type": "Transitive", - "resolved": "1.1.0", - "contentHash": "kz0PEW2lhqygehI/d6XsPCQzD7ff7gUJaVGPVETX611eadGsA3A877GdSlU0LRVMCTH/+P3o2iDTak+S08V2+A==" + "resolved": "1.1.1", + "contentHash": "TMBuzAHpTenGbGgk0SMTwyEkyijY/Eae4ZGsFNYJvAr/LDn1ku3Etp3FPxChmDp5HHF3kzJuoaa08N0xjqAJfQ==" }, "Microsoft.NETCore.Targets": { "type": "Transitive", - "resolved": "1.1.0", - "contentHash": "aOZA3BWfz9RXjpzt0sRJJMjAscAUm3Hoa4UWAfceV9UTYxgwZ1lZt5nO2myFf+/jetYQo4uTP7zS8sJY67BBxg==" + "resolved": "1.1.3", + "contentHash": "3Wrmi0kJDzClwAC+iBdUBpEKmEle8FQNsCs77fkiOIw/9oYA07bL1EZNX0kQ2OMN3xpwvl0vAtOCYY3ndDNlhQ==" }, "Microsoft.SqlServer.Server": { "type": "Transitive", @@ -905,6 +905,7 @@ "RabbitMQ.Client": "[6.8.1, )", "StackExchange.Redis": "[2.8.16, )", "System.IO.Abstractions": "[21.1.3, )", + "System.Private.Uri": "[4.3.2, )", "YamlDotNet": "[16.2.0, )" } }, @@ -1168,6 +1169,16 @@ "System.Threading.Tasks": "4.3.0" } }, + "System.Private.Uri": { + "type": "CentralTransitive", + "requested": "[4.3.2, )", + "resolved": "4.3.2", + "contentHash": "o1+7RJnu3Ik3PazR7Z7tJhjPdE000Eq2KGLLWhqJJKXj04wrS8lwb1OFtDF9jzXXADhUuZNJZlPc98uwwqmpFA==", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3" + } + }, "Terminal.Gui": { "type": "CentralTransitive", "requested": "[1.17.1, )", @@ -1485,16 +1496,6 @@ "System.CodeDom": "8.0.0" } }, - "System.Private.Uri": { - "type": "Transitive", - "resolved": "4.3.0", - "contentHash": "I4SwANiUGho1esj4V4oSlPllXjzCZDE+5XXso2P03LW2vOda2Enzh8DWOxwN6hnrJyp314c7KuVu31QYhRzOGg==", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "runtime.unix.System.Private.Uri": "4.3.0" - } - }, "System.Reflection": { "type": "Transitive", "resolved": "4.3.0", @@ -1681,6 +1682,17 @@ "System.Threading.Tasks": "4.3.0", "runtime.unix.System.IO.FileSystem": "4.3.0" } + }, + "System.Private.Uri": { + "type": "CentralTransitive", + "requested": "[4.3.2, )", + "resolved": "4.3.2", + "contentHash": "o1+7RJnu3Ik3PazR7Z7tJhjPdE000Eq2KGLLWhqJJKXj04wrS8lwb1OFtDF9jzXXADhUuZNJZlPc98uwwqmpFA==", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3", + "runtime.unix.System.Private.Uri": "4.3.0" + } } }, "net8.0/osx-arm64": { @@ -1983,16 +1995,6 @@ "System.CodeDom": "8.0.0" } }, - "System.Private.Uri": { - "type": "Transitive", - "resolved": "4.3.0", - "contentHash": "I4SwANiUGho1esj4V4oSlPllXjzCZDE+5XXso2P03LW2vOda2Enzh8DWOxwN6hnrJyp314c7KuVu31QYhRzOGg==", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0", - "runtime.unix.System.Private.Uri": "4.3.0" - } - }, "System.Reflection": { "type": "Transitive", "resolved": "4.3.0", @@ -2179,6 +2181,17 @@ "System.Threading.Tasks": "4.3.0", "runtime.unix.System.IO.FileSystem": "4.3.0" } + }, + "System.Private.Uri": { + "type": "CentralTransitive", + "requested": "[4.3.2, )", + "resolved": "4.3.2", + "contentHash": "o1+7RJnu3Ik3PazR7Z7tJhjPdE000Eq2KGLLWhqJJKXj04wrS8lwb1OFtDF9jzXXADhUuZNJZlPc98uwwqmpFA==", + "dependencies": { + "Microsoft.NETCore.Platforms": "1.1.1", + "Microsoft.NETCore.Targets": "1.1.3", + "runtime.unix.System.Private.Uri": "4.3.0" + } } }, "net8.0/win-x64": { @@ -2392,15 +2405,6 @@ "System.CodeDom": "8.0.0" } }, - "System.Private.Uri": { - "type": "Transitive", - "resolved": "4.3.0", - "contentHash": "I4SwANiUGho1esj4V4oSlPllXjzCZDE+5XXso2P03LW2vOda2Enzh8DWOxwN6hnrJyp314c7KuVu31QYhRzOGg==", - "dependencies": { - "Microsoft.NETCore.Platforms": "1.1.0", - "Microsoft.NETCore.Targets": "1.1.0" - } - }, "System.Reflection": { "type": "Transitive", "resolved": "4.3.0", From 368ea13311d8ee2c9f814e5b9e836d3d8fdccf4b Mon Sep 17 00:00:00 2001 From: Ruairidh MacLeod Date: Wed, 20 Nov 2024 14:24:26 +0000 Subject: [PATCH 7/8] add news file --- news/2012-bugfix.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 news/2012-bugfix.md diff --git a/news/2012-bugfix.md b/news/2012-bugfix.md new file mode 100644 index 000000000..3c870e658 --- /dev/null +++ b/news/2012-bugfix.md @@ -0,0 +1 @@ +Add dependency on System.Private.Uri to resolve CVE From 037fb6517d000eb271fdd18944f68b03b8f3b369 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:39:42 +0000 Subject: [PATCH 8/8] Bump RabbitMQ.Client from 6.8.1 to 7.0.0 Bumps [RabbitMQ.Client](https://github.com/rabbitmq/rabbitmq-dotnet-client) from 6.8.1 to 7.0.0. - [Release notes](https://github.com/rabbitmq/rabbitmq-dotnet-client/releases) - [Changelog](https://github.com/rabbitmq/rabbitmq-dotnet-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v6.8.1...v7.0.0) --- updated-dependencies: - dependency-name: RabbitMQ.Client dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- Directory.Packages.props | 2 +- src/SmiServices/packages.lock.json | 23 ++++++++++++++--------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index c88a0bf65..c3bb6b19e 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -23,7 +23,7 @@ - + diff --git a/src/SmiServices/packages.lock.json b/src/SmiServices/packages.lock.json index 93e9bf137..a6557a656 100644 --- a/src/SmiServices/packages.lock.json +++ b/src/SmiServices/packages.lock.json @@ -189,12 +189,12 @@ }, "RabbitMQ.Client": { "type": "Direct", - "requested": "[6.8.1, )", - "resolved": "6.8.1", - "contentHash": "jNsmGgmCNw2S/NzskeN2ijtGywtH4Sk/G6jWUTD5sY9SrC27Xz6BsLIiB8hdsfjeyWCa4j4GvCIGkpE8wrjU1Q==", + "requested": "[7.0.0, )", + "resolved": "7.0.0", + "contentHash": "8YJz22mOSMtkbIVuVSz2HbJwbpKwRoXQ1uqbczDUt1w1Ds8dxFs6dkV/oZ8AlTmkErZjtQelHv+oBu52ud00WA==", "dependencies": { - "System.Memory": "4.5.5", - "System.Threading.Channels": "7.0.0" + "System.IO.Pipelines": "8.0.0", + "System.Threading.RateLimiting": "8.0.0" } }, "StackExchange.Redis": { @@ -793,8 +793,8 @@ }, "System.IO.Pipelines": { "type": "Transitive", - "resolved": "5.0.1", - "contentHash": "qEePWsaq9LoEEIqhbGe6D5J8c9IqQOUuTzzV6wn1POlfdLkJliZY3OlB0j0f17uMWlqZYjH7txj+2YbyrIA8Yg==" + "resolved": "8.0.0", + "contentHash": "FHNOatmUq0sqJOkTx+UF/9YK1f180cnW5FVqnQMvYUN0elp6wFzbtPSiqbo1/ru8ICp43JM1i7kKkk6GsNGHlA==" }, "System.Linq.Async": { "type": "Transitive", @@ -943,8 +943,13 @@ }, "System.Threading.Channels": { "type": "Transitive", - "resolved": "7.0.0", - "contentHash": "qmeeYNROMsONF6ndEZcIQ+VxR4Q/TX/7uIVLJqtwIWL7dDWeh0l1UIqgo4wYyjG//5lUNhwkLDSFl+pAWO6oiA==" + "resolved": "6.0.0", + "contentHash": "TY8/9+tI0mNaUMgntOxxaq2ndTkdXqLSxvPmas7XEqOlv9lQtB7wLjYGd756lOaO7Dvb5r/WXhluM+0Xe87v5Q==" + }, + "System.Threading.RateLimiting": { + "type": "Transitive", + "resolved": "8.0.0", + "contentHash": "7mu9v0QDv66ar3DpGSZHg9NuNcxDaaAcnMULuZlaTpP9+hwXhrxNGsF5GmLkSHxFdb5bBc1TzeujsRgTrPWi+Q==" }, "System.Threading.Tasks": { "type": "Transitive",