1.5.99: Remediate log4j vulnerability

No explanation needed, really.

1.5.98: Bump anchore/scan-action from 2.0.4 to 3

Bumps anchore/scan-action from 2.0.4 to 3.

Release notes

Sourced from anchore/scan-action's releases.

v3.0.0

New in scan-action v3.0.0

• Upgrade to Grype to 0.17.0 and add tests #102 (#112) (#118)
• Improve SARIF output #114 (#115)
• Change default behavior so action fails on medium (and higher) severities (#86)
• Respect verbosity from action to call Grype (#82)

Changelog

Sourced from anchore/scan-action's changelog.

Version 2.0.0 - 2020-30-09

2.0.0 is a new major version of scan action based on the new Grype tool from Anchore. It is much faster for scanning compared to v1.x of the action and adds some new capabilities, including directory scanning as well as container image scanning, and also has more metadata about the vulnerability matches than previous versions for more transparency on the matching process.

Improvements and Changes:

• Significantly faster performance for scans
• New vulnerabilities output format is the JSON output from Grype directly
• Adds support for scanning directories as well as Docker containers, so you can do the same checks pre-and post-build of the container.
• Supports Automatic Code Scanning/SARIF for exposing results via your repository's Security tab.
• Updated the default branch from master to main

NOTE: This is a breaking change from v1.x, as indicated by the major version change. We strongly recommend using a @​v2 or specific version instead of @​main

Breaking Changes for v2:

• Inputs:
  • Changed image-reference to image (required)
  • dockerfile-path is no longer supported and not necessary for the vulnerability scans
  • custom-policy-path is no longer supported
  • include-app-packages is no longer necessary or supported. Application packages are on by default and will receive vulnerability matches.
• Outputs:
  • billofmaterials is no longer output. V2 is focused on vulnerability scanning and another action may be introduced for BoM support with its own options/config.
  • policycheck is no longer output

Commits

• ef95973 Update grype to 0.17.0 (#118)
• 3bdd19c Fix incorrect release-drafter version template (#117)
• 4c02fc1 Fix 0.16.0 SARIF output & docs #114 (#115)
• 5fd84ca Upgrade to grype 0.16.0 and add tests #102 (#112)
• 6b62906 Add prettier support (#100)
• 5cabcaa docs(tests): basic local testing docs (#99)
• 9b87c3d Bump lodash from 4.17.20 to 4.17.21
• 6f92603 github: automatically re-tag a major version release
• b4624c8 use templates instead of a mix with concatenation
• 3ebdaf7 add missing source
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

1.5.97: Update mockito-scala to 1.16.39

Updates org.mockito:mockito-scala from 1.16.37 to 1.16.39.
GitHub Release Notes - Version Diff

I'll automatically update this PR to resolve conflicts as long as you don't change it yourself.

If you'd like to skip this version, you can just close this PR. If you have any feedback, just mention me in the comments below.

Configure Scala Steward for your repository with a .scala-steward.conf file.

Have a fantastic day writing Scala!

Ignore future updates

Add this to your .scala-steward.conf file to ignore future updates of this dependency:

updates.ignore = [ { groupId = "org.mockito", artifactId = "mockito-scala" } ]

labels: test-library-update, semver-patch

1.5.96: Update scalafmt-core to 3.0.0

Updates org.scalameta:scalafmt-core from 2.7.5 to 3.0.0.
GitHub Release Notes - Version Diff

I'll automatically update this PR to resolve conflicts as long as you don't change it yourself.

If you'd like to skip this version, you can just close this PR. If you have any feedback, just mention me in the comments below.

Configure Scala Steward for your repository with a .scala-steward.conf file.

Have a fantastic day writing Scala!

Ignore future updates

Add this to your .scala-steward.conf file to ignore future updates of this dependency:

updates.ignore = [ { groupId = "org.scalameta", artifactId = "scalafmt-core" } ]

labels: library-update, semver-major

1.5.95: Baseline also needs to download dependencies correctly

v1.5.95

Releasing 1.5.95

1.5.94: Update opencc4j to 1.6.2

Updates com.github.houbb:opencc4j from 1.6.1 to 1.6.2.
Changelog

I'll automatically update this PR to resolve conflicts as long as you don't change it yourself.

If you'd like to skip this version, you can just close this PR. If you have any feedback, just mention me in the comments below.

Configure Scala Steward for your repository with a .scala-steward.conf file.

Have a fantastic day writing Scala!

Ignore future updates

Add this to your .scala-steward.conf file to ignore future updates of this dependency:

updates.ignore = [ { groupId = "com.github.houbb", artifactId = "opencc4j" } ]

labels: library-update, semver-patch

1.5.93: Update google-cloud-language to 2.0.1

Updates com.google.cloud:google-cloud-language from 1.103.2 to 2.0.1.

I'll automatically update this PR to resolve conflicts as long as you don't change it yourself.

If you'd like to skip this version, you can just close this PR. If you have any feedback, just mention me in the comments below.

Configure Scala Steward for your repository with a .scala-steward.conf file.

Have a fantastic day writing Scala!

Ignore future updates

Add this to your .scala-steward.conf file to ignore future updates of this dependency:

updates.ignore = [ { groupId = "com.google.cloud", artifactId = "google-cloud-language" } ]

labels: library-update, semver-major

1.5.92: Make sure dependencies are available for the production docker build

We fixed this in PRs but not in the actual deployment. SMH.

1.5.91: Foreignlanguagereader becomes fluentlabs

Time to rename the package

1.5.89: Rebuild base image if it has changed

Rebuild base docker image if changes have been made to that file.
Also fix EKS deployment.