From fa9412e64b25f89cfb7431057dd12cbe4e3aae11 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 7 Feb 2024 12:48:07 +0100 Subject: [PATCH 1/4] fix: use the correct invocation syntax to setup intermediate endpoints correctly. --- provisioning/resources/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provisioning/resources/entrypoint.sh b/provisioning/resources/entrypoint.sh index 77a1a559..3e01383c 100644 --- a/provisioning/resources/entrypoint.sh +++ b/provisioning/resources/entrypoint.sh @@ -122,7 +122,7 @@ for ENDPOINT in $ONTOP_PORT ; do # NOTE: do not double-quote $services here. else echo "Invoking intermediate process"; java $TOOL -cp ./lib/*:./jdbc/* -Dlogback.configurationFile="/opt/ontop/log/logback.xml" -Dlogging.config="/opt/ontop/log/logback.xml" \ - it.unibz.inf.ontop.cli.Ontop endpoint ${ONTOLOGY_FILE} ${MAPPING_FILE} \ + it.unibz.inf.ontop.cli.Ontop endpoint ${ONTOLOGY} ${MAPPING} \ ${PROPERTIES} ${PORTAL} ${DEV} ${ENDPOINT} ${CORS} ${LAZY}& fi done From c16fa297fe13f4629f082cb4d63f2f5084da9f44 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 7 Feb 2024 13:09:46 +0100 Subject: [PATCH 2/4] fix: dremio jdbc driver would not work under java 21 --- provisioning/README.md | 2 +- provisioning/src/main/docker/Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/provisioning/README.md b/provisioning/README.md index 59e92a06..36a43f73 100644 --- a/provisioning/README.md +++ b/provisioning/README.md 
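Review bot: `${ONTOLOGY}` and `${MAPPING}` on the new `it.unibz.inf.ontop.cli.Ontop endpoint` line are expanded unquoted, so their values go through word splitting and pathname expansion before they reach the java command line. Where they are assigned is outside this hunk; if they are built from container environment variables, a value containing whitespace or glob characters changes the argument list of the backgrounded process. If the splitting is intended (flag and value held in one variable), say so above the `java` invocation the way the neighbouring `# NOTE: do not double-quote $services here.` does, for example `# NOTE: ${ONTOLOGY} and ${MAPPING} are left unquoted on purpose so that flag and value split into separate arguments`. The enclosing `for ENDPOINT in $ONTOP_PORT` loop starts above the hunk.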
@@ -278,7 +278,7 @@ Eclipse Tractus-X product(s) installed within the image: **Used base image** -- [eclipse-temurin:21-jre-alpine](https://github.com/adoptium/containers) +- [eclipse-temurin:11-jre-alpine](https://github.com/adoptium/containers) - Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin - Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin - Additional information about the Eclipse Temurin images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin diff --git a/provisioning/src/main/docker/Dockerfile b/provisioning/src/main/docker/Dockerfile index 2df8e035..6c3527a4 100644 --- a/provisioning/src/main/docker/Dockerfile +++ b/provisioning/src/main/docker/Dockerfile @@ -25,7 +25,7 @@ FROM ontop/ontop:5.1.2 as blueprint # Build Container: Fixes diverse vulnerabilities in guava <32, tomcat, spring-boot 2.7<13, spring-framework <5.3.28 and spring-web (all 5 versions - need to exclude a deprecated package from the jar) ## -FROM eclipse-temurin:21-jdk AS build +FROM eclipse-temurin:11-jdk AS build # run with docker --build-arg jdbcDrivers=path_to_my_driver to establish a different driver ARG jdbcDrivers="https://repo1.maven.org/maven2/com/h2database/h2/2.2.220/h2-2.2.220.jar https://download.dremio.com/jdbc-driver/dremio-jdbc-driver-LATEST.jar https://repo1.maven.org/maven2/org/apache/calcite/avatica/avatica/1.22.0/avatica-1.22.0.jar" @@ -56,7 +56,7 @@ RUN if [ "${HTTP_PROXY}" != "" ]; then \ # Target Container: Use a valid base image ## -FROM eclipse-temurin:21-jre-alpine +FROM eclipse-temurin:11-jre-alpine ARG APP_USER=ontop ARG APP_UID=10001 From 2a17d34bd0e9bb1a3a75aafbe27788b36bbe353a Mon Sep 17 00:00:00 2001 
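Review bot: Both changed `FROM` lines (`eclipse-temurin:11-jdk AS build` in the first Dockerfile hunk and `eclipse-temurin:11-jre-alpine` in the second) follow a mutable tag, so the image content can change between builds without any change to this file; pinning by digest, `FROM eclipse-temurin:11-jdk@sha256:<digest> AS build`, would match the SHA-pinned GitHub actions used elsewhere in this patch series. The context line `ARG jdbcDrivers=...` also fetches `dremio-jdbc-driver-LATEST.jar`, an unversioned artifact, and no checksum verification is visible in the hunk; going by the commit subject, the Java 21 incompatibility worked around here came from that driver, so pinning a driver version and verifying its hash would make the choice of runtime reproducible. The move from 21 to 11 also deserves a comment above each `FROM`, such as `# stays on Java 11: the Dremio JDBC driver does not work under Java 21`, so that a later upgrade pass does not silently revert it.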
From: "Dr. Christoph \"Schorsch\" Jung" Date: Mon, 12 Feb 2024 14:15:12 +0100 Subject: [PATCH 3/4] fix: github action upgrades and coordinates. Upgrade logback to non-critical version. Document the manual postprocessing of spring-web-5 to remove the critical invoker package. --- .github/workflows/helm-chart-lint.yml | 2 +- .github/workflows/veracode.yml | 4 ++-- provisioning/pom.xml | 12 ++++++++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index de844851..d34c7bc1 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -88,7 +88,7 @@ jobs: # Preparing a kind cluster to install and test charts on - name: Create kind cluster - uses: container-tools/kind-action@61f1afd4807b0dac84f3232ec99e45c63701d220 # v2.0.1 + uses: container-tools/kind-action@0fc957b58d9a5bc9ca57a1b419324a2074c7653b # v2.0.3 with: # upgrade version, default (v0.17.0) uses node image v1.21.1 and doesn't work with more recent node image versions version: v0.20.0 diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 84ab1c10..f9eb4966 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -42,7 +42,7 @@ jobs: verify-formatting: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.5.2 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - uses: ./.github/actions/setup-java 
@@ -118,7 +118,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Tar gzip files for veracode upload run: |- - tar --exclude='spring-web-5.3.28.jar' -czvf ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}.tar.gz ${{ matrix.variant.dir }}/target/lib/*.jar ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}-*.jar + tar --exclude='spring-web-5.3.31.jar' -czvf ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}.tar.gz ${{ matrix.variant.dir }}/target/lib/*.jar ${{ matrix.variant.dir }}/target/${{ matrix.variant.name }}-*.jar - name: Veracode Upload And Scan uses: veracode/veracode-uploadandscan-action@c3c0b78bddb42d5f6b10d70562f692215a410d7b #v1.0 if: | diff --git a/provisioning/pom.xml b/provisioning/pom.xml index 3d66d7b1..90c7e584 100644 --- a/provisioning/pom.xml +++ b/provisioning/pom.xml @@ -101,6 +101,18 @@ + + ch.qos.logback + logback-classic + ${logback.version} + test + + + ch.qos.logback + logback-core + ${logback.version} + test + org.springframework.boot spring-boot-actuator From caff28a0f1185232459993fad6525a2299244b05 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 13 Feb 2024 08:22:10 +0100 Subject: [PATCH 4/4] chore: update DEPENDENCIES --- DEPENDENCIES | 2 -- 1 file changed, 2 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index f9073ced..97e2a038 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
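Review bot: The `--exclude='spring-web-5.3.31.jar'` in the `Tar gzip files for veracode upload` step hard-codes the jar version, so it has to be edited by hand every time the spring-web version moves (that is the only change in this hunk), and nothing in the step says why the jar is kept out of the upload. Add a comment above the `tar` line such as `# spring-web is excluded because the shipped jar is post-processed to drop a deprecated package; the unmodified jar would be flagged`, with the wording confirmed against the Dockerfile comment about spring-web. Excluding the jar means the scan does not cover spring-web at all, so findings for that component need to be tracked by other means.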
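Review bot: The added `ch.qos.logback` entries for `logback-classic` and `logback-core` carry `test` after `${logback.version}`, which reads as a test scope (the XML tags are lost in this rendering). If so, it is unclear from the hunk whether the upgraded version reaches the jars that are packaged and scanned or only the test classpath, while the commit message describes the change as an upgrade to a non-critical version. A short comment above the two entries, for example `<!-- pins logback for tests only; the runtime version is managed in <location> -->`, or a non-test scope if the runtime jars are meant, would settle it. Where `logback.version` is defined is outside the hunk.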
@@ -1,8 +1,6 @@
 maven/mavencentral/aopalliance/aopalliance/1.0, LicenseRef-Public-Domain, approved, CQ2918
-maven/mavencentral/ch.qos.logback/logback-classic/1.2.12, EPL-1.0, approved, CQ13636
 maven/mavencentral/ch.qos.logback/logback-classic/1.2.13, EPL-1.0, approved, CQ13636
 maven/mavencentral/ch.qos.logback/logback-classic/1.4.12, EPL-1.0 OR LGPL-2.1-only, approved, #3435
-maven/mavencentral/ch.qos.logback/logback-core/1.2.12, EPL-1.0, approved, CQ13635
 maven/mavencentral/ch.qos.logback/logback-core/1.2.13, EPL-1.0, approved, CQ13635
 maven/mavencentral/ch.qos.logback/logback-core/1.4.12, EPL-1.0 OR LGPL-2.1-only, approved, #3373
 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.13.5, Apache-2.0, approved, clearlydefined