Dependabot updates for August 2024 (#3289)

* Bump certifi from 2024.6.2 to 2024.7.4 and in /maintenance, /deploy
* Bump requirejs from 2.3.6 to 2.3.7
* Bump icu.net from 2.10.1-beta.4 to 2.10.1-beta.5 in /Backend
* Bump @typescript-eslint/parser from 7.14.1 to 7.18.0
* Bump Swashbuckle.AspNetCore from 6.6.2 to 6.7.0 in /Backend
* Bump MongoDB.Driver from 2.27.0 to 2.28.0 in /Backend.Tests
* Bump MailKit from 4.7.0 to 4.7.1.1 in /Backend.Tests
* Bump pyopenssl from 24.1.0 to 24.2.1 in /deploy
* Bump ansible from 10.1.0 to 10.2.0 in /deploy
* Bump pyopenssl from 24.1.0 to 24.2.1 in /maintenance
* Bump dotnet/sdk in /Backend
* Bump dotnet/aspnet in /Backend
* Bump actions/dependency-review-action from 4.3.3 to 4.3.4
* Bump actions/upload-artifact from 4.3.3 to 4.3.4
* Bump sillsdev/FieldWorks
* Bump actions/setup-python from 5.1.0 to 5.1.1
* Bump codecov/codecov-action from 4.3.0 to 4.5.0
* Update Harden Runner for frontend workflow
* Sync up @type/ versions with their corresponding packages

---------

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/backend.yml

@@ -48,7 +48,7 @@ jobs:
         run: dotnet test Backend.Tests/Backend.Tests.csproj
         shell: bash
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           if-no-files-found: error
           name: coverage
@@ -91,7 +91,7 @@ jobs:
         with:
           name: coverage
       - name: Upload coverage report
-        uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
+        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
@@ -138,7 +138,7 @@ jobs:
       - name: Autobuild
         uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
       - name: Upload artifacts if build failed
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         if: ${{ failure() }}
         with:
           name: tracer-logs

.github/workflows/commit_message_check.yml

@@ -10,4 +10,4 @@ permissions: # added using https://github.com/step-security/secure-workflows
 
 jobs:
   commit-message-lint:
-    uses: sillsdev/FieldWorks/.github/workflows/CommitMessage.yml@53b16bd9d629a65054d424cb059e4e2ce943ba97
+    uses: sillsdev/FieldWorks/.github/workflows/CommitMessage.yml@1841598026f41661ed53c3072589dbfed5c14a12

.github/workflows/dependency-review.yml

@@ -24,4 +24,4 @@ jobs:
       - name: "Checkout Repository"
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Dependency Review"
-        uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4

.github/workflows/frontend.yml

@@ -24,9 +24,9 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
-            *.actions.githubusercontent.com:443
             api.github.com:443
             github.com:443
+            objects.githubusercontent.com:443
             registry.npmjs.org:443
       - name: Checkout repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -53,9 +53,9 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
-            *.actions.githubusercontent.com:443
             api.github.com:443
             github.com:443
+            objects.githubusercontent.com:443
             registry.npmjs.org:443
       - name: Checkout repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -68,7 +68,7 @@ jobs:
         env:
           CI: true
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           if-no-files-found: error
           name: coverage
@@ -101,7 +101,7 @@ jobs:
         with:
           name: coverage
       - name: Upload coverage report
-        uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
+        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
@@ -121,7 +121,6 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
-            *.actions.githubusercontent.com:443
             auth.docker.io:443
             files.pythonhosted.org:443
             github.com:443

.github/workflows/pages.yml

@@ -26,7 +26,7 @@ jobs:
             github.com:443
             pypi.org:443
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+      - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
         with:
           python-version: 3.11
       - name: Install dependencies

.github/workflows/python.yml

@@ -30,7 +30,7 @@ jobs:
             pypi.org:443
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies

.github/workflows/scorecards.yml

@@ -81,7 +81,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           name: SARIF file
           path: results.sarif

Backend/BackendFramework.csproj

@@ -16,13 +16,13 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.3" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.5.1" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.5.1" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
-    <PackageReference Include="MongoDB.Driver" Version="2.27.0" />
-    <PackageReference Include="MailKit" Version="4.7.0" />
+    <PackageReference Include="MailKit" Version="4.7.1.1" />
+    <PackageReference Include="MongoDB.Driver" Version="2.28.0" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.0" />
     <PackageReference Include="Xabe.FFmpeg" Version="5.2.6"/>
 
     <!-- SIL Maintained Dependencies. -->
-    <PackageReference Include="icu.net" Version="2.10.1-beta.4" />
+    <PackageReference Include="icu.net" Version="2.10.1-beta.5" />
     <PackageReference Include="Icu4c.Win.Full.Lib" Version="62.2.3-beta" />
     <PackageReference Include="SIL.Core" Version="14.1.1" />
     <PackageReference Include="SIL.Core.Desktop" Version="14.1.1">

Backend/Dockerfile

@@ -1,5 +1,5 @@
 # Docker multi-stage build
-FROM mcr.microsoft.com/dotnet/sdk:8.0.302-1-jammy-amd64 AS builder
+FROM mcr.microsoft.com/dotnet/sdk:8.0.303-jammy-amd64 AS builder
 WORKDIR /app
 
 # Copy csproj and restore (fetch dependencies) as distinct layers.
@@ -11,7 +11,7 @@ COPY . ./
 RUN dotnet publish -c Release -o build
 
 # Build runtime image.
-FROM mcr.microsoft.com/dotnet/aspnet:8.0.6-jammy-amd64
+FROM mcr.microsoft.com/dotnet/aspnet:8.0.7-jammy-amd64
 
 ENV ASPNETCORE_URLS=http://+:5000
 ENV COMBINE_IS_IN_CONTAINER=1

deploy/requirements.txt

@@ -4,9 +4,9 @@
 #
 #    pip-compile requirements.in
 #
-ansible==10.1.0
+ansible==10.2.0
     # via -r requirements.in
-ansible-core==2.17.1
+ansible-core==2.17.2
     # via ansible
 cachetools==5.3.3
     # via google-auth
@@ -51,7 +51,7 @@ pyasn1-modules==0.4.0
     # via google-auth
 pycparser==2.22
     # via cffi
-pyopenssl==24.1.0
+pyopenssl==24.2.1
     # via -r requirements.in
 python-dateutil==2.9.0.post0
     # via kubernetes

docs/user_guide/assets/licenses/backend_licenses.txt

@@ -24,7 +24,7 @@ license Type:Apache-2.0
 
 ####################################################################################################
 Package:icu.net
-Version:2.10.1-beta.4
+Version:2.10.1-beta.5
 project URL:https://github.com/sillsdev/icu-dotnet
 Description:icu.net is a C# Wrapper around ICU4C
 licenseUrl:https://licenses.nuget.org/MIT
@@ -54,7 +54,7 @@ license Type:LICENSE.md
 
 ####################################################################################################
 Package:MailKit
-Version:4.7.0
+Version:4.7.1.1
 project URL:http://www.mimekit.net/
 Description:MailKit is an Open Source cross-platform .NET mail-client library that is based on MimeKit and optimized for mobile devices.
 
@@ -462,7 +462,7 @@ license Type:Apache-2.0
 
 ####################################################################################################
 Package:Microsoft.Extensions.Logging.Abstractions
-Version:2.1.0
+Version:2.0.0
 project URL:https://asp.net/
 Description:Logging abstractions for Microsoft.Extensions.Logging.
 Commonly used types:
@@ -478,7 +478,7 @@ license Type:Apache-2.0
 
 ####################################################################################################
 Package:Microsoft.Extensions.Logging.Abstractions
-Version:2.0.0
+Version:2.1.0
 project URL:https://asp.net/
 Description:Logging abstractions for Microsoft.Extensions.Logging.
 Commonly used types:
@@ -619,7 +619,7 @@ license Type:MIT
 
 ####################################################################################################
 Package:Microsoft.NETCore.Platforms
-Version:1.0.1
+Version:1.1.1
 project URL:https://dot.net/
 Description:Provides runtime information required to resolve target framework, platform, and runtime specific implementations of .NETCore packages. 
 When using NuGet 3.x this package requires at least version 3.4.
@@ -628,7 +628,7 @@ license Type:MS-EULA
 
 ####################################################################################################
 Package:Microsoft.NETCore.Platforms
-Version:1.1.1
+Version:1.0.1
 project URL:https://dot.net/
 Description:Provides runtime information required to resolve target framework, platform, and runtime specific implementations of .NETCore packages. 
 When using NuGet 3.x this package requires at least version 3.4.
@@ -704,7 +704,7 @@ license Type:MIT
 
 ####################################################################################################
 Package:MimeKit
-Version:4.7.0
+Version:4.7.1
 project URL:https://www.mimekit.net/
 Description:MimeKit is an Open Source library for creating and parsing MIME, S/MIME and PGP messages on desktop and mobile platforms. It also supports parsing of Unix mbox files.
 
@@ -722,34 +722,34 @@ license Type:MIT
 
 ####################################################################################################
 Package:MongoDB.Bson
-Version:2.27.0
+Version:2.28.0
 project URL:https://www.mongodb.com/docs/drivers/csharp/
 Description:MongoDB's Official Bson Library.
 licenseUrl:https://licenses.nuget.org/Apache-2.0
 license Type:Apache-2.0
 
 ####################################################################################################
 Package:MongoDB.Driver
-Version:2.27.0
+Version:2.28.0
 project URL:https://www.mongodb.com/docs/drivers/csharp/
 Description:Official .NET driver for MongoDB.
 licenseUrl:https://licenses.nuget.org/Apache-2.0
 license Type:Apache-2.0
 
 ####################################################################################################
 Package:MongoDB.Driver.Core
-Version:2.27.0
+Version:2.28.0
 project URL:https://www.mongodb.com/docs/drivers/csharp/
 Description:Core Component of the Official MongoDB .NET Driver.
 licenseUrl:https://licenses.nuget.org/Apache-2.0
 license Type:Apache-2.0
 
 ####################################################################################################
 Package:MongoDB.Libmongocrypt
-Version:1.10.0
+Version:1.11.0
 project URL:http://www.mongodb.org/display/DOCS/CSharp+Language+Center
 Description:Libmongocrypt wrapper for the .NET driver.
-licenseUrl:https://www.nuget.org/packages/MongoDB.Libmongocrypt/1.10.0/License
+licenseUrl:https://www.nuget.org/packages/MongoDB.Libmongocrypt/1.11.0/License
 license Type:License.txt
 
 ####################################################################################################
@@ -955,31 +955,31 @@ license Type:
 
 ####################################################################################################
 Package:Swashbuckle.AspNetCore
-Version:6.6.2
+Version:6.7.0
 project URL:https://github.com/domaindrivendev/Swashbuckle.AspNetCore
 Description:Swagger tools for documenting APIs built on ASP.NET Core
 licenseUrl:https://licenses.nuget.org/MIT
 license Type:MIT
 
 ####################################################################################################
 Package:Swashbuckle.AspNetCore.Swagger
-Version:6.6.2
+Version:6.7.0
 project URL:https://github.com/domaindrivendev/Swashbuckle.AspNetCore
 Description:Middleware to expose Swagger JSON endpoints from APIs built on ASP.NET Core
 licenseUrl:https://licenses.nuget.org/MIT
 license Type:MIT
 
 ####################################################################################################
 Package:Swashbuckle.AspNetCore.SwaggerGen
-Version:6.6.2
+Version:6.7.0
 project URL:https://github.com/domaindrivendev/Swashbuckle.AspNetCore
 Description:Swagger Generator for APIs built on ASP.NET Core
 licenseUrl:https://licenses.nuget.org/MIT
 license Type:MIT
 
 ####################################################################################################
 Package:Swashbuckle.AspNetCore.SwaggerUI
-Version:6.6.2
+Version:6.7.0
 project URL:https://github.com/domaindrivendev/Swashbuckle.AspNetCore
 Description:Middleware to expose an embedded version of the swagger-ui from an ASP.NET Core application
 licenseUrl:https://licenses.nuget.org/MIT
@@ -1506,6 +1506,18 @@ When using NuGet 3.x this package requires at least version 3.4.
 licenseUrl:http://go.microsoft.com/fwlink/?LinkId=329770
 license Type:MS-EULA
 
+####################################################################################################
+Package:System.Formats.Asn1
+Version:8.0.1
+project URL:https://dot.net/
+Description:Provides classes that can read and write the ASN.1 BER, CER, and DER data formats.
+
+Commonly Used Types:
+System.Formats.Asn1.AsnReader
+System.Formats.Asn1.AsnWriter
+licenseUrl:https://licenses.nuget.org/MIT
+license Type:MIT
+
 ####################################################################################################
 Package:System.Formats.Asn1
 Version:8.0.0
@@ -3075,7 +3087,7 @@ license Type:MS-EULA
 
 ####################################################################################################
 Package:System.Text.Encoding.CodePages
-Version:6.0.0
+Version:8.0.0
 project URL:https://dot.net/
 Description:Provides support for code-page based encodings, including Windows-1252, Shift-JIS, and GB2312.
 
@@ -3086,7 +3098,7 @@ license Type:MIT
 
 ####################################################################################################
 Package:System.Text.Encoding.CodePages
-Version:8.0.0
+Version:6.0.0
 project URL:https://dot.net/
 Description:Provides support for code-page based encodings, including Windows-1252, Shift-JIS, and GB2312.
 

maintenance/requirements.txt

@@ -40,7 +40,7 @@ pycparser==2.22
     # via cffi
 pymongo==4.8.0
     # via -r requirements.in
-pyopenssl==24.1.0
+pyopenssl==24.2.1
     # via -r requirements.in
 python-dateutil==2.9.0.post0
     # via kubernetes