Update to version v3.2.9 (#196)

aws-solutions · Jun 26, 2024 · fd40986 · fd40986
1 parent 07149e2
commit fd40986
Show file tree

Hide file tree

Showing 26 changed files with 1,967 additions and 398 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.9] - 2024-06-21
+
+### Updated
+
+- Updated braces from 3.0.2 to 3.0.3 to mitigate security vulnerability [CVE-2024-4068](https://avd.aquasec.com/nvd/2024/cve-2024-4068)
+- Updated ejs from 3.1.9 to 3.1.10 to mitigate security vulnerability [CVE-2024-33883](https://avd.aquasec.com/nvd/2024/cve-2024-33883)
+- Updated ws from 7.5.9 to 7.5.10 to mitigate security vulnerability [CVE-2024-37890](https://github.com/advisories/GHSA-3h5v-q93c-6h6q)
+- Updated json-path from 2.7.0 to 2.9.0 to mitigate security vulnerability [CVE-2023-51074](https://nvd.nist.gov/vuln/detail/CVE-2023-51074)
+- Updated taurus from 1.16.29 to 1.16.31
+
 ## [3.2.8] - 2024-04-15
 
 ### Updated

diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-3.2.8
+3.2.9
diff --git a/deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile b/deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile
@@ -1,4 +1,4 @@
-FROM blazemeter/taurus:1.16.29
+FROM blazemeter/taurus:1.16.31
 # taurus includes python and pip
 RUN /usr/bin/python3 -m pip install --upgrade pip
 RUN pip install --no-cache-dir awscli
@@ -41,10 +41,8 @@ RUN pip install cryptography==42.0.5
 RUN rm -rf /root/.bzt/python-packages/3.10.12/cryptography*
 RUN cp -r /usr/local/lib/python3.10/dist-packages/cryptography* /root/.bzt/python-packages/3.10.12/
 
-# Replacing Pillow with more stable version resolve CVE-2023-50447	
-RUN rm -rf /root/.local/lib/python3.10/site-packages/Pillow*
-RUN pip install pillow==10.3.0 
-RUN cp -r /usr/local/lib/python3.10/dist-packages/pillow* /root/.local/lib/python3.10/site-packages/
+# Removing dotnet dependencies as NUnit and Xunit is not supported in DLT
+RUN rm -rf /usr/share/dotnet
 
 # Replacing aiohttp with more stable version to resolve CVE-2024-23334
 RUN rm -rf /usr/local/lib/python3.10/dist-packages/aiohttp* 

diff --git a/deployment/ecr/distributed-load-testing-on-aws-load-tester/jar_updater.py b/deployment/ecr/distributed-load-testing-on-aws-load-tester/jar_updater.py
@@ -18,6 +18,7 @@
     * lets-plot-batik v2.2.1 will be replaced with 4.2.0
     * commons-net v3.8.0 will be replaced with v3.9.0
     * tika-core v1.28.3 will be replaced with v2.9.2
+    * json-path v2.7.0 will be replaced with v2.9.0
 
 Also jmeter plugins manager will be updated to v1.10 to address CVEs and cmdrunner will be updated to v2.3 to accomodate with plugins manager.
 """
@@ -34,7 +35,7 @@
     "lets-plot-batik":  "org/jetbrains/lets-plot/lets-plot-batik/4.2.0/lets-plot-batik-4.2.0.jar",
     "commons-net": "commons-net/commons-net/3.9.0/commons-net-3.9.0.jar",
     "tika-core": "org/apache/tika/tika-core/2.9.2/tika-core-2.9.2.jar",
-
+    "json-path": "com/jayway/jsonpath/json-path/2.9.0/json-path-2.9.0.jar"
 }
 JMETER_VERSION = "5.5"
 JMETER_PLUGINS_MANAGER_VERSION = "1.10"

diff --git a/source/api-services/package-lock.json b/source/api-services/package-lock.json
diff --git a/source/api-services/package.json b/source/api-services/package.json
@@ -1,6 +1,6 @@
 {
   "name": "api-services",
-  "version": "3.2.8",
+  "version": "3.2.9",
   "description": "REST API micro services",
   "repository": {
     "type": "git",