From 894fefc17ec49636f6b4fdfdc6a922d0afadaae8 Mon Sep 17 00:00:00 2001
From: Ajay Mudgal
Date: Fri, 10 Oct 2025 13:04:11 +0100
Subject: [PATCH 1/3] Addressing security vulnerabilities in utilities and libraries raised by dependabot
---
 .github/workflows/code-quality.yml | 2 +-
 .github/workflows/update-pull-request-description.yml | 4 ++--
 application/change_event_dlq_handler/requirements.txt | 2 +-
 application/dos_db_handler/requirements.txt | 2 +-
 application/dos_db_update_dlq_handler/requirements.txt | 2 +-
 application/event_replay/requirements.txt | 2 +-
 application/send_email/requirements.txt | 2 +-
 application/service_matcher/requirements.txt | 2 +-
 application/service_sync/requirements.txt | 2 +-
 application/slack_messenger/requirements.txt | 2 +-
 10 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
index 8a4f98571..4d5925959 100644
--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -48,7 +48,7 @@ jobs:
 with:
 fetch-depth: 0
 - name: Check Markdown format
- uses: DavidAnson/markdownlint-cli2-action@v13
+ uses: DavidAnson/markdownlint-cli2-action@v20
 with:
 config: .github/workflows/configs/markdownlint/.markdownlint.json
 - name: Check Markdown links
diff --git a/.github/workflows/update-pull-request-description.yml b/.github/workflows/update-pull-request-description.yml
index 430de105c..8165bc606 100644
--- a/.github/workflows/update-pull-request-description.yml
+++ b/.github/workflows/update-pull-request-description.yml
@@ -18,7 +18,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 - name: Get Branch Name
- uses: mdecoleman/pr-branch-name@2.0.0
+ uses: mdecoleman/pr-branch-name@v3.0.0
 id: branch_name
 with:
 repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -30,7 +30,7 @@ jobs:
 run: echo "TEMPLATE_NAME=$(cat .github/PULL_REQUEST_TEMPLATE/${{ env.BRANCH_DESIGNATOR }}_pull_request_template.md > /dev/null 2>&1 && echo ${{ env.BRANCH_DESIGNATOR }}_pull_request_template.md || echo task_pull_request_template.md)" >> $GITHUB_ENV
 - name: Render Pull Request template
 id: template
- uses: chuhlomin/render-template@v1.5
+ uses: chuhlomin/render-template@v1.10
 with:
 template: .github/PULL_REQUEST_TEMPLATE/${{ env.TEMPLATE_NAME }}
 vars: |
diff --git a/application/change_event_dlq_handler/requirements.txt b/application/change_event_dlq_handler/requirements.txt
index e27f685d9..cfb1c4805 100644
--- a/application/change_event_dlq_handler/requirements.txt
+++ b/application/change_event_dlq_handler/requirements.txt
@@ -1 +1 @@
-aws-lambda-powertools[tracer] ~= 2.43.0
+aws-lambda-powertools[tracer] ~= 3.20.0
diff --git a/application/dos_db_handler/requirements.txt b/application/dos_db_handler/requirements.txt
index a5f3571d4..69d278fcb 100644
--- a/application/dos_db_handler/requirements.txt
+++ b/application/dos_db_handler/requirements.txt
@@ -1,2 +1,2 @@
-aws-lambda-powertools[tracer] ~= 2.43.0
+aws-lambda-powertools[tracer] ~= 3.20.0
 psycopg[binary]
diff --git a/application/dos_db_update_dlq_handler/requirements.txt b/application/dos_db_update_dlq_handler/requirements.txt
index e27f685d9..cfb1c4805 100644
--- a/application/dos_db_update_dlq_handler/requirements.txt
+++ b/application/dos_db_update_dlq_handler/requirements.txt
@@ -1 +1 @@
-aws-lambda-powertools[tracer] ~= 2.43.0
+aws-lambda-powertools[tracer] ~= 3.20.0
diff --git a/application/event_replay/requirements.txt b/application/event_replay/requirements.txt
index a56853a73..6d1940542 100644
--- a/application/event_replay/requirements.txt
+++ b/application/event_replay/requirements.txt
@@ -1,2 +1,2 @@
-aws-lambda-powertools[tracer] ~= 2.43.0
+aws-lambda-powertools[tracer] ~= 3.20.0
 simplejson
diff --git a/application/send_email/requirements.txt b/application/send_email/requirements.txt
index e27f685d9..cfb1c4805 100644
--- a/application/send_email/requirements.txt
+++ b/application/send_email/requirements.txt
@@ -1 +1 @@
-aws-lambda-powertools[tracer] ~= 2.43.0
+aws-lambda-powertools[tracer] ~= 3.20.0
diff --git a/application/service_matcher/requirements.txt b/application/service_matcher/requirements.txt
index 6c5b01dad..0a79a142c 100644
--- a/application/service_matcher/requirements.txt
+++ b/application/service_matcher/requirements.txt
@@ -1,3 +1,3 @@
-aws-lambda-powertools[tracer] ~= 2.43.0
+aws-lambda-powertools[tracer] ~= 3.20.0
 psycopg[binary]
 pytz
diff --git a/application/service_sync/requirements.txt b/application/service_sync/requirements.txt
index 6c5b01dad..0a79a142c 100644
--- a/application/service_sync/requirements.txt
+++ b/application/service_sync/requirements.txt
@@ -1,3 +1,3 @@
-aws-lambda-powertools[tracer] ~= 2.43.0
+aws-lambda-powertools[tracer] ~= 3.20.0
 psycopg[binary]
 pytz
diff --git a/application/slack_messenger/requirements.txt b/application/slack_messenger/requirements.txt
index 589fc68bf..29dd94270 100644
--- a/application/slack_messenger/requirements.txt
+++ b/application/slack_messenger/requirements.txt
@@ -1,2 +1,2 @@
-aws-lambda-powertools[tracer] ~= 2.43.0
+aws-lambda-powertools[tracer] ~= 3.20.0
 requests
From 7978d09bd58b94693c9e987f3fb89c23dac69053 Mon Sep 17 00:00:00 2001
From: Ajay Mudgal
Date: Fri, 10 Oct 2025 13:47:35 +0100
Subject: [PATCH 2/3] Addressing security vulnerabilities in utilities and python libs
---
 application/ingest_change_event/requirements.txt | 2 +-
 application/quality_checker/requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/application/ingest_change_event/requirements.txt b/application/ingest_change_event/requirements.txt
index 5cf839387..6221c3047 100644
--- a/application/ingest_change_event/requirements.txt
+++ b/application/ingest_change_event/requirements.txt
@@ -1 +1 @@
-aws-lambda-powertools[tracer, validation] ~= 2.43.0
+aws-lambda-powertools[tracer, validation] ~= 3.20.0
diff --git a/application/quality_checker/requirements.txt b/application/quality_checker/requirements.txt
index 39387a7d8..1becb7954 100644
--- a/application/quality_checker/requirements.txt
+++ b/application/quality_checker/requirements.txt
@@ -1,2 +1,2 @@
-aws-lambda-powertools[tracer, validation] ~= 2.43.0
+aws-lambda-powertools[tracer, validation] ~= 3.20.0
 psycopg[binary]
From b5ccb13583cfa2e3c0e35a52a63a4cbb997ceb7f Mon Sep 17 00:00:00 2001
From: Ajay Mudgal
Date: Tue, 14 Oct 2025 12:05:05 +0100
Subject: [PATCH 3/3] Updating buid tester stage image arch type
---
 .../development-and-deployment-tools/build_tools_image.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/infrastructure/stacks/development-and-deployment-tools/build_tools_image.tf b/infrastructure/stacks/development-and-deployment-tools/build_tools_image.tf
index a0c255ab4..9b4b5befa 100644
--- a/infrastructure/stacks/development-and-deployment-tools/build_tools_image.tf
+++ b/infrastructure/stacks/development-and-deployment-tools/build_tools_image.tf
@@ -28,7 +28,7 @@ resource "aws_codebuild_webhook" "build_image_webhook" {
 resource "aws_codebuild_project" "build_image" {
 for_each = local.independent_build_images
 name = "${var.project_id}-${var.environment}-build-${each.key}-stage"
- description = "Builds ${each.key} x86 development docker container image"
+ description = "Builds ${each.key} x64 development docker container image"
 build_timeout = "10"
 queued_timeout = "5"
 service_role = data.aws_iam_role.pipeline_role.arn
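Review bot: The new `description` on the changed line says `x64`, but the next hunk in this same file (which runs past the end of this view) switches the build environment to `aws/codebuild/amazonlinux2-aarch64-standard:3.0` with `type = "ARM_CONTAINER"`, so the text now describes the opposite of the architecture the project builds on; `description = "Builds ${each.key} arm64 development docker container image"` would match the environment block. Whether the images produced on an ARM host are still pullable by the workloads that consume them is not visible here — if any consumer runs on x86_64, the build would need an explicit multi-platform target, which is worth confirming before merge. The aarch64 image is pinned to the `3.0` line while the x86_64 image it replaces was on `5.0`; these are different image families, so it is worth confirming that `3.0` is the currently maintained aarch64 release rather than an older one. The `aws_codebuild_project` resource continues outside this hunk.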
@@ -45,8 +45,8 @@ resource "aws_codebuild_project" "build_image" {
 environment {
 compute_type = "BUILD_GENERAL1_SMALL"
- image = "aws/codebuild/amazonlinux2-x86_64-standard:5.0"
- type = "LINUX_CONTAINER"
+ image = "aws/codebuild/amazonlinux2-aarch64-standard:3.0"
+ type = "ARM_CONTAINER"
 image_pull_credentials_type = "CODEBUILD"
 privileged_mode = true