#27: Upgrade dependencies (#28)

.vscode/settings.json

@@ -1,17 +1,21 @@
 {
-    "editor.formatOnSave": true,
-    "editor.codeActionsOnSave": {
-        "source.organizeImports": true,
-        "source.generate.finalModifiers": true,
-        "source.fixAll": true
-    },
-    "java.codeGeneration.useBlocks": true,
-    "java.saveActions.organizeImports": true,
-    "java.sources.organizeImports.starThreshold": 3,
-    "java.sources.organizeImports.staticStarThreshold": 3,
-    "java.test.config": {
-        "vmArgs": [
-            "-Djava.util.logging.config.file=src/test/resources/logging.properties"
-        ]
-    }
+  "editor.formatOnSave": true,
+  "editor.codeActionsOnSave": {
+    "source.organizeImports": true,
+    "source.generate.finalModifiers": true,
+    "source.fixAll": true
+  },
+  "java.codeGeneration.useBlocks": true,
+  "java.saveActions.organizeImports": true,
+  "java.sources.organizeImports.starThreshold": 3,
+  "java.sources.organizeImports.staticStarThreshold": 3,
+  "java.test.config": {
+    "vmArgs": [
+      "-Djava.util.logging.config.file=src/test/resources/logging.properties"
+    ]
+  },
+  "sonarlint.connectedMode.project": {
+    "connectionId": "exasol",
+    "projectKey": "com.exasol:ci-isolation-aws"
+  }
 }

doc/changes/changes_2.0.1.md

@@ -0,0 +1,31 @@
+# CI Isolation AWS 2.0.1, released 2023-07-03
+
+Code name: Update dependencies on top of 2.0.0
+
+## Summary
+
+This releases fixes vulnerabilities in the following dependencies:
+
+* `software.amazon.awscdk:aws-cdk-lib:jar:2.74.0` (compile dependency)
+  * CVE-2023-35165, severity CWE-266: Incorrect Privilege Assignment (6.6)
+* `io.netty:netty-handler` (test dependency)
+  * CVE-2023-34462, severity CWE-770: Allocation of Resources Without Limits or Throttling (6.5)
+
+## Security
+
+* #27: Updated dependencies
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `software.amazon.awscdk:aws-cdk-lib:2.74.0` to `2.86.0`
+* Updated `software.constructs:constructs:10.1.310` to `10.2.67`
+
+### Test Dependency Updates
+
+* Updated `org.junit.jupiter:junit-jupiter-api:5.9.2` to `5.9.3`
+* Updated `software.amazon.awssdk:cloudformation:2.20.46` to `2.20.97`
+* Updated `software.amazon.awssdk:codebuild:2.20.46` to `2.20.97`
+* Updated `software.amazon.awssdk:iam:2.20.46` to `2.20.97`
+* Updated `software.amazon.awssdk:sts:2.20.46` to `2.20.97`

error_code_config.yml

@@ -1,5 +1,5 @@
 error-tags:
-  CI2-AWS:
+  CI2AWS:
     packages:
       - com.exasol.ciisolation.aws
     highest-index: 9

pom.xml

@@ -5,14 +5,14 @@
     <artifactId>ci-isolation-aws</artifactId>
     <name>CI Isolation AWS</name>
     <description>Setup for provisioning an AWS sub-account for Continuous Integration (CI) testing.</description>
-    <version>2.0.0</version>
+    <version>2.0.1</version>
     <url>https://github.com/exasol/ci-isolation-aws/</url>
     <dependencyManagement>
         <dependencies>
             <dependency>
                 <groupId>software.amazon.awssdk</groupId>
                 <artifactId>bom</artifactId>
-                <version>2.20.46</version>
+                <version>2.20.97</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -23,12 +23,12 @@
         <dependency>
             <groupId>software.amazon.awscdk</groupId>
             <artifactId>aws-cdk-lib</artifactId>
-            <version>2.74.0</version>
+            <version>2.86.0</version>
         </dependency>
         <dependency>
             <groupId>software.constructs</groupId>
             <artifactId>constructs</artifactId>
-            <version>10.1.310</version>
+            <version>10.2.67</version>
         </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
@@ -49,7 +49,7 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <version>5.9.2</version>
+            <version>5.9.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -108,26 +108,12 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.sonatype.ossindex.maven</groupId>
-                <artifactId>ossindex-maven-plugin</artifactId>
-                <configuration>
-                    <excludeVulnerabilityIds>
-                        <!-- io.netty:netty-handler:4.1.77.Final: https://ossindex.sonatype.org/vulnerability/sonatype-2020-0026
-                             AWS SDK is not affected: https://github.com/aws/aws-sdk-java-v2/issues/3263#issuecomment-1163600532 -->
-                        <exclude>sonatype-2020-0026</exclude>
-                        <!-- Transitive dependency of software.amazon.awscdk:core: com.fasterxml.jackson.core:jackson-core:jar:2.13.5
-                             CWE-400: Uncontrolled Resource Consumption is acceptable in this project -->
-                        <exclude>sonatype-2022-6438</exclude>
-                    </excludeVulnerabilityIds>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
     <parent>
         <artifactId>ci-isolation-aws-generated-parent</artifactId>
         <groupId>com.exasol</groupId>
-        <version>2.0.0</version>
+        <version>2.0.1</version>
         <relativePath>pk_generated_parent.pom</relativePath>
     </parent>
 </project>

src/main/java/com/exasol/ciisolation/aws/ResourceAsJsonReader.java

@@ -27,7 +27,7 @@ Object readResourceAsJsonObjects(final String resourceName) {
     private String getResourceAsString(final String resourceName) {
         try (final InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream(resourceName)) {
             if (resourceAsStream == null) {
-                throw new IllegalArgumentException(ExaError.messageBuilder("E-CI2-AWS-9")
+                throw new IllegalArgumentException(ExaError.messageBuilder("E-CI2AWS-9")
                         .message("Resource {{resource name}} not found", resourceName).toString());
             }
             return new String(Objects.requireNonNull(resourceAsStream).readAllBytes(), StandardCharsets.UTF_8);

src/main/java/com/exasol/ciisolation/aws/cleanup/AwsAccountCleanerBuildSpec.java

@@ -43,7 +43,7 @@ private String[] getInstallSteps() {
 
     private String getWriteToFileCommand(final String content, final String fileName) {
         if (content.contains("\nEOL\n")) {
-            throw new IllegalArgumentException(ExaError.messageBuilder("E-CI2-AWS-2").message(
+            throw new IllegalArgumentException(ExaError.messageBuilder("E-CI2AWS-2").message(
                     "Failed to build write-to-file-command. The content contained '\\nEOF\\n' which is not allowed. Content:\n {{content}}",
                     content).toString());
         }

src/main/java/com/exasol/ciisolation/aws/cleanup/StringResourceReader.java

@@ -20,7 +20,7 @@ String readResourceAsString(final String resourceName) {
             return new String(Objects.requireNonNull(getClass().getClassLoader().getResourceAsStream(resourceName))
                     .readAllBytes());
         } catch (final IOException | NullPointerException exception) {
-            throw new IllegalStateException(ExaError.messageBuilder("F-CI2-AWS-1")
+            throw new IllegalStateException(ExaError.messageBuilder("F-CI2AWS-1")
                     .message("Failed to read required resource {{resource}}.", resourceName).ticketMitigation()
                     .toString(), exception);
         }

src/test/java/com/exasol/ciisolation/aws/CdkRunner.java

@@ -71,7 +71,7 @@ private boolean isStackDone(final String stackName) {
             } else if (Set.of(CREATE_IN_PROGRESS, IMPORT_COMPLETE, IMPORT_IN_PROGRESS).contains(stackStatus)) {
                 return false;
             } else {
-                throw new IllegalStateException(ExaError.messageBuilder("F-CI2-AWS-6")
+                throw new IllegalStateException(ExaError.messageBuilder("F-CI2AWS-6")
                         .message("Stack creation failed (status: {{stack status}}).", stackStatus).toString());
             }
         } else {
@@ -97,7 +97,7 @@ private String getStackTemplate(final App app, final Stack stack) {
         try {
             return this.json.writeValueAsString(app.synth().getStackArtifact(stack.getArtifactId()).getTemplate());
         } catch (final JsonProcessingException exception) {
-            throw new IllegalStateException(ExaError.messageBuilder("F-CI2-AWS-5")
+            throw new IllegalStateException(ExaError.messageBuilder("F-CI2AWS-5")
                     .message("Failed to render stack as CloudFormation JSON template.").toString(), exception);
         }
     }

src/test/java/com/exasol/ciisolation/aws/TestConfigurationReader.java

@@ -17,7 +17,7 @@ TestConfiguration readConfig() {
     private String getParameter(final Map<String, String> configuration, final String parameter) {
         final String value = configuration.get(parameter);
         if (value == null) {
-            throw new IllegalArgumentException(ExaError.messageBuilder("E-CI2-AWS-8").message(
+            throw new IllegalArgumentException(ExaError.messageBuilder("E-CI2AWS-8").message(
                     "Invalid test_config.yaml. The configuration does not contain the required property {{missing property}}.",
                     parameter).toString());
         } else {
@@ -30,7 +30,7 @@ private Map<String, String> readYaml() {
         try (final FileReader fileReader = new FileReader("test_config.yaml")) {
             return yaml.load(fileReader);
         } catch (final IOException exception) {
-            throw new IllegalStateException(ExaError.messageBuilder("E-CI2-AWS-7")
+            throw new IllegalStateException(ExaError.messageBuilder("E-CI2AWS-7")
                     .message("Could not open test_config.yaml.")
                     .mitigation("Please create the file according to the description in the README.md.").toString(),
                     exception);