Merge pull request #341 from catenax-ng/main

Fix medium security findings

.github/workflows/argo.yml

@@ -72,9 +72,18 @@ env:
     ARGO_INT_B_TRACE_X_INSTANCE: "https://argo.int.demo.catena-x.net/api/v1/applications/traceability-foss-int-b"
     ARGO_INT_B_RegistryReload: "https://traceability-int-b.int.demo.catena-x.net/api/registry/reload"
 
-jobs:      
+jobs:     
 
+  print_environment:
+   runs-on: ubuntu-latest
+   steps:
+      - name: ${{ github.event.inputs.environment }}
+        run: |
+          echo "### inputs" >> $GITHUB_STEP_SUMMARY
+          echo "- environment: ${{ github.event.inputs.environment }}" >> $GITHUB_STEP_SUMMARY
+          
   hard_refresh_environment:
+   needs: print_environment
    runs-on: ubuntu-latest
    steps:
 
@@ -87,7 +96,7 @@ jobs:
           echo ::add-mask::$ARGO_TOKEN
           echo ARGO_TOKEN=$ARGO_TOKEN >> $GITHUB_ENV
           
-      - name: Hard refresh environment
+      - name: Hard refresh environment ${{ github.event.inputs.environment }}
         run: |
          source ./.github/argo/argo_config.sh
         
@@ -103,6 +112,7 @@ jobs:
            curl -X GET -H "Authorization: Bearer ${{ env.ARGO_TOKEN }}" "$resource?refresh=hard&appNamespace=argocd"
          done
          sleep 40
+
   delete_environment:
     needs: hard_refresh_environment
     runs-on: ubuntu-latest

.github/workflows/dependencies.yaml

@@ -38,7 +38,7 @@ jobs:
           cache: 'maven'
 
       - name: Set up Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 18.x
 

.github/workflows/e2e-tests-xray_frontend.yml

@@ -47,7 +47,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Use Node.js 18.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 18.x
 
@@ -96,12 +96,12 @@ jobs:
           path: frontend/cypress/e2e
 
       - name: Use Node.js 18.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 18.x
 
       - name: Cypress run all tests
-        uses: cypress-io/github-action@v6.5.0 # use the explicit version number
+        uses: cypress-io/github-action@v6.6.0 # use the explicit version number
         with:
           start: npm run start:auth:e2ea
           wait-on: "http://localhost:4200"
@@ -158,12 +158,12 @@ jobs:
  #         path: frontend/cypress/e2e
 #
  #     - name: Use Node.js 18.x
- #       uses: actions/setup-node@v3
+  #       uses: actions/setup-node@v4
  #       with:
  #         node-version: 18.x
 #
  #     - name: Cypress run all tests
- #       uses: cypress-io/github-action@v6.5.0 # use the explicit version number
+  #       uses: cypress-io/github-action@v6.6.0 # use the explicit version number
  #       with:
  #         start: npm start
  #         wait-on: "http://localhost:4200"
@@ -212,12 +212,12 @@ jobs:
 #  Error: connect ECONNREFUSED 127.0.0.1:4200"
 
 #      - name: Use Node.js 18.x
-#        uses: actions/setup-node@v3
+  #        uses: actions/setup-node@v4
 #        with:
 #          node-version: 18.x
 
  #     - name: Use Node.js 16.x
- #       uses: actions/setup-node@v3
+  #       uses: actions/setup-node@v4
  #       with:
  #         node-version: 16.x
 #
@@ -226,7 +226,7 @@ jobs:
  #       run: npx playwright install --with-deps webkit
 #
  #     - name: Cypress run all tests
- #       uses: cypress-io/github-action@v6.5.0 # use the explicit version number
+  #       uses: cypress-io/github-action@v6.6.0 # use the explicit version number
  #       with:
  #         start: npm start:auth:e2ea
  #         wait-on: "http://localhost:4200"

.github/workflows/helm-chart-release.yaml

@@ -83,7 +83,7 @@ jobs:
           helm repo add tx-item-relationship-service https://catenax-ng.github.io/tx-item-relationship-service
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.5.0
+        uses: helm/chart-releaser-action@v1.6.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           CR_RELEASE_NAME_TEMPLATE: "${{ env.RELEASE_VERSION }}"

.github/workflows/helm-test.yaml

@@ -71,7 +71,7 @@ jobs:
           version: v3.9.3
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.1
 
       - name: Run chart-testing (list-changed)
         id: list-changed

.github/workflows/publish-documentation.yaml

@@ -48,7 +48,7 @@ jobs:
           distribution: 'temurin'
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 16
 

.github/workflows/sonar-scan-frontend.yml

@@ -35,7 +35,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Use Node.js 18.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 18.x
       - name: Install chrome

.github/workflows/trivy.yml

@@ -72,7 +72,7 @@ jobs:
         run: docker build -t localhost:5000/traceability-foss:fe_${{ github.sha }} .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.14.0
         with:
           image-ref: 'localhost:5000/traceability-foss:fe_${{ github.sha }}'
           format: "sarif"
@@ -131,7 +131,7 @@ jobs:
           ref: ${{needs.prepare-env.outputs.check_sha}}
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.14.0
         with:
           scan-type: "config"
           hide-progress: false
@@ -176,7 +176,7 @@ jobs:
           tags: localhost:5000/traceability-foss:trivy
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.14.0
         with:
           image-ref: localhost:5000/traceability-foss:trivy
           trivyignores: "./.github/workflows/.trivyignore"

.github/workflows/unit-test_frontend.yml

@@ -35,7 +35,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Use Node.js 18.x
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 18.x
     - name: Install chrome

.tractusx

@@ -1,3 +1,8 @@
 product: "Traceability FOSS"
 leadingRepository: "https://github.com/eclipse-tractusx/traceability-foss"
 repositories: []
+
+# section to explicitly skip certain release guideline checks
+skipReleaseChecks:
+  alignedBaseImage:
+    - "frontend/cypress/Dockerfile"

CHANGELOG.md

@@ -9,6 +9,9 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ### Added
 - Cypress Login to E2E Environment to enable cypress e2e tests.
 - Fixed bug in argo workflow which allows to successfully run on INT-A/INT-B
+- New job named 'print_environment' to the Argo-workflow that prints the selected environment to the GitHub Step Summary.
+- Added NOTIFICATION_COUNT_EQUAL filter strategy for Assets as built Specifications
+- Added new supported filter for notifications assetId that allows filtering alerts and investigations by assetId
 
 ### Changed
 - Fixed table-settings reset bug
@@ -17,6 +20,20 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 - Bump jetty-http from 11.0.15 to 11.0.17
 - Assets response have now list of notification ids rather than count of existing notifications
 - Frontend adapt to backend api changes for activeAlerts and activeInvestigations
+- Reconfigured all docker images user settings
+- Adapted memory / cpu requests and limits in default values helm file
+- Fixed textarea field for dialog.
+- Removed duplicated cancel buttons from investigation and alerts workflows
+
+- Migrate to not deprecated methods in HTTP security
+- Bump actions/setup-node@ from v3 to v4
+- Bump helm/chart-releaser-action from v1.5.0 to v1.6.0
+- Bump aquasecurity/trivy-action from 0.12.0 to 0.14.0
+- Bump cypress-io/github-action from v6.5.0 to v6.6.0
+- Bump spring-core version from 6.0.12 to 6.0.13
+- Bump compiler-plugin version 3.10.1 to 3.11.0
+- Bump commons-io version 2.13.0 to 2.15.0
+-
 
 ### Removed
 

COMPATIBILITY_MATRIX.md

@@ -0,0 +1,22 @@
+# Compatibility matrix v1.0
+
+## Catena-X Release?
+- [x] yes -> Catena-X Release <version>
+- [ ] no
+
+
+### (Trace-X Release)  [<version>| Release Notes](https://github.com/catenax-ng/tx-traceability-foss/releases/tag/<version>)
+
+#### Trace-X version 1.3.14
+
+| Name of service                  | Version | Comments   |
+|----------------------------------|---------|------------|
+| postgresql                       | 12.1.6  |            |
+| postgresql alias: edc-postgresql | 12.1.6  |            |
+| pgadmin4                         | 1.13.6  |            |
+| irs-helm                         | 6.8.0   |            |
+| tractusx-connector               | 0.5.0   |            |
+| discovery service                | 0.1.0   |            |
+| portal                           | ?       |            |
+| SD-Factory                       | ?       |            |
+| wallet                           | ?       |            |

DEPENDENCIES_BACKEND

@@ -46,7 +46,7 @@ maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause
 maven/mavencentral/commons-collections/commons-collections/3.2.2, Apache-2.0, approved, CQ10385
 maven/mavencentral/commons-digester/commons-digester/2.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/commons-fileupload/commons-fileupload/1.5, Apache-2.0, approved, #7109
-maven/mavencentral/commons-io/commons-io/2.13.0, Apache-2.0, approved, #8717
+maven/mavencentral/commons-io/commons-io/2.15.0, Apache-2.0, approved, #11244
 maven/mavencentral/commons-logging/commons-logging/1.2, Apache-2.0, approved, CQ10162
 maven/mavencentral/commons-validator/commons-validator/1.7, Apache-2.0, approved, clearlydefined
 maven/mavencentral/dev.failsafe/failsafe-okhttp/3.3.2, Apache-2.0, approved, #9178
@@ -263,9 +263,9 @@ maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.15, EPL-2.0 OR Apache-2.0
 maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.tractusx.irs/irs-edc-client/1.4.1-20231027.142046-3, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.irs/irs-models/1.4.1-20231027.142046-3, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.4.1-20231027.142046-3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.irs/irs-edc-client/1.4.1-20231110.130443-8, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.irs/irs-models/1.4.1-20231110.130443-8, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.4.1-20231110.130443-8, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.traceability/tx-backend/0.0.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.traceability/tx-models/0.0.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.flywaydb/flyway-core/9.16.3, Apache-2.0, approved, #7935
@@ -399,11 +399,11 @@ maven/mavencentral/org.springframework/spring-aop/6.0.11, Apache-2.0, approved,
 maven/mavencentral/org.springframework/spring-aspects/6.0.11, Apache-2.0, approved, #5930
 maven/mavencentral/org.springframework/spring-beans/6.0.11, Apache-2.0, approved, #5937
 maven/mavencentral/org.springframework/spring-context/6.0.11, Apache-2.0, approved, #5936
-maven/mavencentral/org.springframework/spring-core/6.0.12, Apache-2.0 AND BSD-3-Clause, approved, #5948
+maven/mavencentral/org.springframework/spring-core/6.0.13, Apache-2.0 AND BSD-3-Clause, approved, #5948
 maven/mavencentral/org.springframework/spring-expression/6.0.11, Apache-2.0, approved, #3284
-maven/mavencentral/org.springframework/spring-expression/6.0.12, Apache-2.0, approved, #3284
+maven/mavencentral/org.springframework/spring-expression/6.0.13, Apache-2.0, approved, #3284
 maven/mavencentral/org.springframework/spring-jcl/6.0.11, Apache-2.0, approved, #3283
-maven/mavencentral/org.springframework/spring-jcl/6.0.12, Apache-2.0, approved, #3283
+maven/mavencentral/org.springframework/spring-jcl/6.0.13, Apache-2.0, approved, #3283
 maven/mavencentral/org.springframework/spring-jdbc/6.0.11, Apache-2.0, approved, #5924
 maven/mavencentral/org.springframework/spring-jdbc/6.0.13, Apache-2.0, approved, #5924
 maven/mavencentral/org.springframework/spring-orm/6.0.11, Apache-2.0, approved, #5925

DEPENDENCIES_FRONTEND

@@ -1497,7 +1497,7 @@ npm/npmjs/@types/eslint/8.4.2, MIT, approved, #2429
 npm/npmjs/@types/estree/0.0.51, MIT, approved, clearlydefined
 npm/npmjs/@types/express-serve-static-core/4.17.34, MIT, approved, #6020
 npm/npmjs/@types/express/4.17.17, MIT, approved, #5760
-npm/npmjs/@types/geojson/7946.0.8, MIT, approved, clearlydefined
+npm/npmjs/@types/geojson/7946.0.8, MIT, approved, #11480
 npm/npmjs/@types/glob/7.2.0, MIT, approved, clearlydefined
 npm/npmjs/@types/http-proxy/1.17.11, MIT, approved, #8414
 npm/npmjs/@types/jasmine/4.3.1, MIT, approved, clearlydefined

charts/traceability-foss/charts/backend/values.yaml

@@ -89,7 +89,7 @@ resources:
     cpu: 500m
     memory: 512Mi
   requests:
-    cpu: 500m
+    cpu: 250m
     memory: 512Mi
 
 nodeSelector: {}

charts/traceability-foss/charts/frontend/values.yaml

@@ -83,7 +83,7 @@ resources:
     cpu: 500m
     memory: 512Mi
   requests:
-    cpu: 500m
+    cpu: 250m
     memory: 512Mi
 
 nodeSelector: { }

charts/traceability-foss/values.yaml

@@ -101,7 +101,7 @@ frontend:
       cpu: 500m
       memory: 512Mi
     requests:
-      cpu: 125m
+      cpu: 250m
       memory: 512Mi
 
   nodeSelector: {}
@@ -222,7 +222,7 @@ backend:
       cpu: 500m
       memory: 512Mi
     requests:
-      cpu: 125m
+      cpu: 250m
       memory: 512Mi
 
   nodeSelector: {}
@@ -324,7 +324,7 @@ pgadmin4:
   resources:
     limits:
       cpu: 1000m
-      memory: 1Gi
+      memory: 512Mi
     requests:
       cpu: 256m
       memory: 512Mi
@@ -344,13 +344,29 @@ postgresql:
     database: "trace"
     username: "traceuser"
 
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 250m
+      memory: 512Mi
+
 #########################
 # IRS configuration     #
 #########################
 irs-helm:
   enabled: false  # <irs-helm.enabled>
   nameOverride: "tracex-irs"
   fullnameOverride: "tracex-irs"
+
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 250m
+      memory: 512Mi
 ###################################
 # EDC Consumer configuration  #
 ###################################
@@ -361,6 +377,14 @@ tractusx-connector:
   participant:
     id: "BPN"
 
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 250m
+      memory: 512Mi
+
   ##################################
   # EDC Postgres Configuration #
   ##################################
@@ -385,3 +409,11 @@ edc-postgresql:
     password: "CHANGEME"
     database: "trace"
     username: "traceuser"
+
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 250m
+      memory: 512Mi