From e6da3a624c6c034bcf0c3349319ff607c053f550 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jan 2026 13:34:20 +0000 Subject: [PATCH 1/2] Upgrade: [dependabot] - bump NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml Bumps [NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml](https://github.com/nhsdigital/eps-common-workflows) from 5.2.9 to 5.2.11. - [Release notes](https://github.com/nhsdigital/eps-common-workflows/releases) - [Changelog](https://github.com/NHSDigital/eps-common-workflows/blob/main/release.config.cjs) - [Commits](https://github.com/nhsdigital/eps-common-workflows/compare/2b3ddfd1e59daf9905522d0140c6cd08e2547432...2fe6bc6cd974efb4d55a2a7b665385f7a2d28950) --- updated-dependencies: - dependency-name: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml dependency-version: 5.2.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot]
---
 .github/workflows/ci.yml | 2 +-
 .github/workflows/pull_request.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e510bc04..b2cbe984 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -26,7 +26,7 @@ jobs:
 TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
 echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
 quality_checks:
- uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2b3ddfd1e59daf9905522d0140c6cd08e2547432
+ uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2fe6bc6cd974efb4d55a2a7b665385f7a2d28950
 needs: [get_asdf_version]
 secrets:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 39b8a42e..8a0ef89e 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -32,7 +32,7 @@ jobs:
 TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
 echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
 quality_checks:
- uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2b3ddfd1e59daf9905522d0140c6cd08e2547432
+ uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2fe6bc6cd974efb4d55a2a7b665385f7a2d28950
 needs: [get_asdf_version]
 with:
 asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b71ee8e2..74a48f13 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
 TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
 echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
 quality_checks:
- uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2b3ddfd1e59daf9905522d0140c6cd08e2547432
+ uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2fe6bc6cd974efb4d55a2a7b665385f7a2d28950
 needs: [get_asdf_version]
 secrets:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
From b65f623f50e1033a0a533e7e934cad2d9a0ada39 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Fri, 9 Jan 2026 09:31:48 +0000 Subject: [PATCH 2/2] fix it
---
 .trivyignore | 20 ++++
 Makefile | 10 +-
 licenses/allowedMissingLicense.xml | 8 --
 licenses/licenses.xml | 153 -----------------------------
 poetry.lock | 50 +---------
 pom.xml | 21 ----
 pyproject.toml | 1 -
 trivy.yaml | 2 +
 8 files changed, 26 insertions(+), 239 deletions(-)
 create mode 100644 .trivyignore
 delete mode 100644 licenses/allowedMissingLicense.xml
 delete mode 100644 licenses/licenses.xml
 create mode 100644 trivy.yaml
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000..9e997747
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,20 @@
+# various vulnerabilities due to running an old version of hapi-fhir
+CVE-2023-24057
+CVE-2023-28465
+CVE-2024-51132
+CVE-2024-55887
+CVE-2022-42889
+CVE-2024-45294
+CVE-2024-52007
+CVE-2024-45294
+CVE-2024-52007
+CVE-2024-45294
+CVE-2024-52007
+CVE-2024-45294
+CVE-2024-52007
+CVE-2024-45294
+CVE-2024-52007
+CVE-2021-35515
+CVE-2021-35516
+CVE-2021-35517
+CVE-2021-36090
diff --git a/Makefile b/Makefile
index 83ae02c1..4a391b6a 100644
--- a/Makefile
+++ b/Makefile
@@ -33,13 +33,9 @@ lint-githubaction-scripts:
 test: download-dependencies
 mvn test

-check-licenses: check-licenses-python check-licenses-java
-
-check-licenses-python:
- scripts/check_python_licenses.sh
-
-check-licenses-java:
- mvn validate
+check-licenses:
+ echo "not implemented from console"
+ exit 1

 show-unused-dependencies:
 mvn dependency:analyze
diff --git a/licenses/allowedMissingLicense.xml b/licenses/allowedMissingLicense.xml
deleted file mode 100644
index 568b7bf9..00000000
--- a/licenses/allowedMissingLicense.xml
+++ /dev/null
@@ -1,8 +0,0 @@ - - - - jakarta-regexp - jakarta-regexp - 1.4 - -
diff --git a/licenses/licenses.xml b/licenses/licenses.xml
deleted file mode 100644
index 5543bd3f..00000000
--- a/licenses/licenses.xml
+++ /dev/null
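Review bot: The new .trivyignore suppresses nineteen CVE findings under one blanket comment with no expiry, so the suppressions will silently outlive the hapi-fhir upgrade that the comment says is the reason for them; CVE-2024-45294 and CVE-2024-52007 are also each listed five times. Trivy's .trivyignore accepts an expiry suffix per entry, e.g. `CVE-2023-24057 exp:<YYYY-MM-DD placeholder>`, which makes the scanner re-raise the finding once the date passes, and a comment line above each entry can record which dependency reports it and why it is accepted here. Deduplicating the list would also keep future diffs of this file reviewable. The commit message ("fix it") gives no tracking reference for the upgrade; a comment naming the ticket or the target hapi-fhir version would let the next reader tell when these can be removed.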
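Review bot: The rewritten `check-licenses` target is a stub that always fails: the message goes to stdout via `echo`, and the separate `exit 1` recipe line aborts the target, so a caller sees what looks like a broken check rather than a deliberately unsupported one, and nothing points them at where licence checking now lives (trivy.yaml is introduced elsewhere in this patch). Suggest `@echo "check-licenses: not available from the console; see trivy.yaml" >&2` ahead of the `exit 1`, plus a comment above the target noting that the Maven licence verifier and pip-licenses checks were removed in this commit so the failing exit reads as intentional. If a CI workflow or pre-commit hook still invokes this target it will now fail too; the hunks shown do not reveal one either way, so that is worth confirming before merge.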
@@ -1,153 +0,0 @@ - - - - - The Apache Software License, Version 2.0 - - The Apache Software License, Version 2.0 - Apache License, Version 2.0 - Apache Software License 2.0 - Apache License 2.0 - - - http://www.apache.org/licenses/LICENSE-2.0.txt - https://www.apache.org/licenses/LICENSE-2.0 - https://www.apache.org/licenses/LICENSE-2.0.txt - https://www.apache.org/licenses/LICENSE-2.0 - - - - Eclipse Public License 1.0 - - Eclipse Public License 1.0 - Eclipse Public License - v 1.0 - Eclipse Distribution License - v 1.0 - - - http://www.eclipse.org/legal/epl-v10.html - http://www.eclipse.org/legal/epl-v10.html - http://www.eclipse.org/org/documents/edl-v10.php - - - - Eclipse Public License v2.0 - - Eclipse Public License v2.0 - EPL 2.0 - Eclipse Public License - v 2.0 - - - https://www.eclipse.org/legal/epl-v20.html - http://www.eclipse.org/legal/epl-2.0 - - - - - The MIT License - - The MIT License - MIT License - MIT - - - http://code.google.com/p/mockito/wiki/License - http://www.opensource.org/licenses/mit-license - https://opensource.org/licenses/MIT - - - - BSD - - BSD - - - http://asm.objectweb.org/license.html - - - - BSD License 3 - - BSD License 3 - - - http://opensource.org/licenses/BSD-3-Clause - - - - BSD-2-Clause - - BSD-2-Clause - - - https://opensource.org/licenses/BSD-2-Clause - - - - LGPL 2.1 - - LGPL 2.1 - GNU Lesser General Public License - http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html - - - http://www.gnu.org/licenses/lgpl-2.1.html - - - - MPL 1.1 - - MPL 1.1 - - - http://www.mozilla.org/MPL/MPL-1.1.html - - - - Mozilla Public License Version 2.0 - - Mozilla Public License Version 2.0 - - - http://www.mozilla.org/MPL/2.0/ - - - - Unicode/ICU License - - Unicode/ICU License - - - https://raw.githubusercontent.com/unicode-org/icu/main/icu4c/LICENSE - - - - GPL2 w/ CPE - - GPL2 w/ CPE - - - https://www.gnu.org/software/classpath/license.html - - - - Public Domain, per Creative Commons CC0 - - Public Domain, per Creative Commons CC0 - - 
- http://creativecommons.org/publicdomain/zero/1.0 - - - - - - GNU General Public License version 2 - - GNU General Public License version 2 - - - https://opensource.org/licenses/gpl-2.0.php - - - - diff --git a/poetry.lock b/poetry.lock index 75ab49f9..14707652 100644 --- a/poetry.lock +++ b/poetry.lock @@ -471,24 +471,6 @@ files = [ {file = "nodeenv-1.10.0.tar.gz", hash = "sha256:996c191ad80897d076bdfba80a41994c2b47c68e224c542b48feba42ba00f8bb"}, ] -[[package]] -name = "pip-licenses" -version = "5.5.0" -description = "Dump the software license list of Python packages installed with pip." -optional = false -python-versions = ">=3.9" -groups = ["dev"] -files = [ - {file = "pip_licenses-5.5.0-py3-none-any.whl", hash = "sha256:ae1869436d13ee487088d29e71fc5821950062ad25ec28b6a1a443e0add6d8e8"}, - {file = "pip_licenses-5.5.0.tar.gz", hash = "sha256:2473e7afd02a0c21460758f70fd2bb3b3c080c5150713dd33baa9493dc1563a5"}, -] - -[package.dependencies] -prettytable = ">=3.12.0" - -[package.extras] -dev = ["autopep8", "black", "docutils", "isort", "mypy", "pip-tools", "pypandoc", "pytest-cov", "pytest-pycodestyle", "pytest-runner", "tomli-w", "twine", "wheel"] - [[package]] name = "platformdirs" version = "4.5.1" @@ -525,24 +507,6 @@ nodeenv = ">=0.11.1" pyyaml = ">=5.1" virtualenv = ">=20.10.0" -[[package]] -name = "prettytable" -version = "3.17.0" -description = "A simple Python library for easily displaying tabular data in a visually appealing ASCII table format" -optional = false -python-versions = ">=3.10" -groups = ["dev"] -files = [ - {file = "prettytable-3.17.0-py3-none-any.whl", hash = "sha256:aad69b294ddbe3e1f95ef8886a060ed1666a0b83018bbf56295f6f226c43d287"}, - {file = "prettytable-3.17.0.tar.gz", hash = "sha256:59f2590776527f3c9e8cf9fe7b66dd215837cca96a9c39567414cbc632e8ddb0"}, -] - -[package.dependencies] -wcwidth = "*" - -[package.extras] -tests = ["pytest", "pytest-cov", "pytest-lazy-fixtures"] - [[package]] name = "pycodestyle" version = "2.14.0" 
@@ -1224,19 +1188,7 @@ platformdirs = ">=3.9.1,<5" docs = ["furo (>=2023.7.26)", "proselint (>=0.13)", "sphinx (>=7.1.2,!=7.3)", "sphinx-argparse (>=0.4)", "sphinxcontrib-towncrier (>=0.2.1a0)", "towncrier (>=23.6)"] test = ["covdefaults (>=2.3)", "coverage (>=7.2.7)", "coverage-enable-subprocess (>=1)", "flaky (>=3.7)", "packaging (>=23.1)", "pytest (>=7.4)", "pytest-env (>=0.8.2)", "pytest-freezer (>=0.4.8) ; platform_python_implementation == \"PyPy\" or platform_python_implementation == \"GraalVM\" or platform_python_implementation == \"CPython\" and sys_platform == \"win32\" and python_version >= \"3.13\"", "pytest-mock (>=3.11.1)", "pytest-randomly (>=3.12)", "pytest-timeout (>=2.1)", "setuptools (>=68)", "time-machine (>=2.10) ; platform_python_implementation == \"CPython\""] -[[package]] -name = "wcwidth" -version = "0.2.14" -description = "Measures the displayed width of unicode strings in a terminal" -optional = false -python-versions = ">=3.6" -groups = ["dev"] -files = [ - {file = "wcwidth-0.2.14-py2.py3-none-any.whl", hash = "sha256:a7bb560c8aee30f9957e5f9895805edd20602f2d7f720186dfd906e82b4982e1"}, - {file = "wcwidth-0.2.14.tar.gz", hash = "sha256:4d478375d31bc5395a3c55c40ccdf3354688364cd61c4f6adacaa9215d0b3605"}, -] - [metadata] lock-version = "2.1" python-versions = "^3.12" -content-hash = "9e75e5c0607f1f8becb76767969171d1d0ff9ed8cb7baf9e6d9316a92f4f89b7" +content-hash = "9f991d6b34ade62cc62e2103a80cfa28a801f80c6df1d5484c0820b909ec9cf7" diff --git a/pom.xml b/pom.xml index a5a6e8fe..f1069e30 100644 --- a/pom.xml +++ b/pom.xml @@ -175,27 +175,6 @@ - - se.ayoy.maven-plugins - ayoy-license-verifier-maven-plugin - 1.2.0 - - - validate - - verify - - - - - ${project.basedir}/licenses/licenses.xml - - ${project.basedir}/licenses/allowedMissingLicense.xml - true - true - true - - maven-dependency-plugin 3.9.0 diff --git a/pyproject.toml b/pyproject.toml index dd33e1e1..fadff782 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -20,7 +20,6 @@ flake8 = "^7.3.0" requests = "^2.32.5" [tool.poetry.group.dev.dependencies] -pip-licenses = "^5.0.0" pre-commit = "^4.5.1" cfn-lint = "^1.43.2"
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 00000000..2a1affb7
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1,2 @@
+license:
+ ignored: ["LGPL-2.1-only", "GPL-2.0-with-classpath-exception"]
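Review bot: The two exempted licence identifiers in trivy.yaml carry no rationale, so a later reader cannot tell whether `LGPL-2.1-only` and `GPL-2.0-with-classpath-exception` were accepted for particular dependencies or as a blanket policy; a comment above `ignored:` naming the packages involved (or the decision record) would make the exemption reviewable. Note that `license.ignored` is keyed by licence name rather than by package, so the exemption applies to every current and future dependency reporting those licences, presumably a wider set than the ones that motivated it. Since the file is new, this is also the moment to write the list in block style (one `- "..."` entry per line, keeping the identifiers quoted as they are) so that additions show up as single-line diffs.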