chore: address System.Text.Json vulnerabilities

aws · Oct 10, 2024 · 76498b4 · 76498b4
1 parent de95ab9
commit 76498b4
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 6 deletions.
diff --git a/.autover/changes/a341e9ce-1356-465d-b1b4-77743905d586.json b/.autover/changes/a341e9ce-1356-465d-b1b4-77743905d586.json
@@ -0,0 +1,26 @@
+{
+  "Projects": [
+    {
+      "Name": "AWS.Deploy.CLI",
+      "Type": "Patch",
+      "ChangelogMessages": [
+        "Revert the CDK Bootstrap template to version 22 due to CDK rollback",
+        "Bump System.Text.Json to 8.0.5 to address a known high severity vulnerability"
+      ]
+    },
+    {
+      "Name": "AWS.Deploy.Recipes.CDK.Common",
+      "Type": "Patch",
+      "ChangelogMessages": [
+        "Bump System.Text.Json to 8.0.5 to address a known high severity vulnerability"
+      ]
+    },
+    {
+      "Name": "AWS.Deploy.ServerMode.Client",
+      "Type": "Patch",
+      "ChangelogMessages": [
+        "Bump System.Text.Json to 8.0.5 to address a known high severity vulnerability"
+      ]
+    }
+  ]
+}
diff --git a/src/AWS.Deploy.CLI/AWS.Deploy.CLI.csproj b/src/AWS.Deploy.CLI/AWS.Deploy.CLI.csproj
@@ -30,7 +30,7 @@
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Swagger" Version="6.5.0" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta1.20574.7" />
-    <PackageReference Include="System.Text.Json" Version="8.0.4" />
+    <PackageReference Include="System.Text.Json" Version="8.0.5" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/src/AWS.Deploy.DockerEngine/AWS.Deploy.DockerEngine.csproj b/src/AWS.Deploy.DockerEngine/AWS.Deploy.DockerEngine.csproj
@@ -23,7 +23,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Text.Json" Version="6.0.8" />
+    <PackageReference Include="System.Text.Json" Version="8.0.5" />
   </ItemGroup>
 
   <Import Project="..\AWS.Deploy.Constants\AWS.Deploy.Constants.projitems" Label="Shared" />

diff --git a/src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml b/src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml
@@ -470,8 +470,6 @@ Resources:
                   - cloudformation:ExecuteChangeSet
                   - cloudformation:CreateStack
                   - cloudformation:UpdateStack
-                  - cloudformation:RollbackStack
-                  - cloudformation:ContinueUpdateRollback
                 Resource: "*"
               - Sid: PipelineCrossAccountArtifactsBucket
                 Effect: Allow
@@ -611,7 +609,7 @@ Resources:
       Type: String
       Name:
         Fn::Sub: /cdk-bootstrap/${Qualifier}/version
-      Value: "23"
+      Value: "22"
 Outputs:
   BucketName:
     Description: The name of the S3 bucket owned by the CDK toolkit stack

diff --git a/src/AWS.Deploy.Recipes.CDK.Common/AWS.Deploy.Recipes.CDK.Common.csproj b/src/AWS.Deploy.Recipes.CDK.Common/AWS.Deploy.Recipes.CDK.Common.csproj
@@ -16,7 +16,7 @@
   <ItemGroup>
     <PackageReference Include="Amazon.CDK.Lib" Version="2.155.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
-    <PackageReference Include="System.Text.Json" Version="8.0.4" />
+    <PackageReference Include="System.Text.Json" Version="8.0.5" />
   </ItemGroup>
 
   <ItemGroup>