Merge pull request #2061 from bosch-io/bugfix/fixing-cves

Fixing CVEs

Author: alstanchev

bom/pom.xml

@@ -66,7 +66,7 @@
         <pjfanning-pekko-rabbitmq.version>7.0.0</pjfanning-pekko-rabbitmq.version>
         <amqp-client.version>5.18.0</amqp-client.version>
         <reactive-streams.version>1.0.4</reactive-streams.version>
-        <netty-bom.version>4.1.112.Final</netty-bom.version>
+        <netty-bom.version>4.1.115.Final</netty-bom.version>
         <cloudevents.version>2.5.0</cloudevents.version>
 
         <slf4j.version>2.0.16</slf4j.version>
@@ -76,7 +76,7 @@
         <janino.version>3.1.12</janino.version>
 
         <!-- ### Metrics and Tracing -->
-        <kamon.version>2.7.3</kamon.version>
+        <kamon.version>2.7.5</kamon.version>
 
         <jsr305.version>3.0.2</jsr305.version>
 

documentation/src/main/resources/Gemfile

@@ -8,7 +8,7 @@ source "https://rubygems.org"
 #
 # This will help ensure the proper Jekyll version is running.
 # Happy Jekylling!
-gem "jekyll", "~> 4.3.2"
+gem "jekyll", "~> 4.3.4"
 
 # This is the default theme for new Jekyll sites. You may change this to anything you like.
 
@@ -21,6 +21,9 @@ group :jekyll_plugins do
   gem "jekyll-sitemap", "~> 1.4.0"
 end
 
+# Fixing https://www.mend.io/vulnerability-database/CVE-2024-49761
+gem 'rexml', '>= 3.3.9'
+
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 

documentation/src/main/resources/Gemfile.lock

@@ -44,7 +44,7 @@ This was fixed in PR [#1901](https://github.com/eclipse-ditto/ditto/pull/1901).
 #### Ensure consistency when doing signal enrichment
 
 When e.g. a Ditto connection published many events for a single thing in a short time and using
-[signal enrichment](basic-enrichment.hml), it was not guaranteed that the "enriched" data was from the same `revision`
+[signal enrichment](basic-enrichment.html), it was not guaranteed that the "enriched" data was from the same `revision`
 as the published event - leading to inconsistencies for things with high frequent updates.  
 This was reported in issue [#1893](https://github.com/eclipse-ditto/ditto/issues/1893) and fixed in PR 
 [#1904](https://github.com/eclipse-ditto/ditto/pull/1904).

documentation/src/main/resources/pages/ditto/release_notes_353.md

@@ -367,7 +367,7 @@ <h2>Achievements - Blog posts</h2>
               <li class="fragment" style="font-size: 0.9em; margin-top: 0.5em;"><a href="https://www.hivemq.com/blog/hands-on-guide-using-mqtt-hivemq-eclipse-ditto-digital-twins-iiot/">Hands-on Guide to Using MQTT and Eclipse Ditto for Digital Twins</a></li>
             </ul>
           </li>
-          <li class="fragment" style="font-size: 0.9em; margin-top: 0.5em;"><a href="2024-02-27-integrating-ditto-aas-basyx.html">Integrate Eclipse Ditto Things in an Asset Administration Shell Environment</a> (published today)</li>
+          <li class="fragment" style="font-size: 0.9em; margin-top: 0.5em;"><a href="https://eclipse.dev/ditto/2024-02-27-integrating-ditto-aas-basyx.html">Integrate Eclipse Ditto Things in an Asset Administration Shell Environment</a> (published today)</li>
         </ul>
       </section>
       <section id="achievements-7" style="clear: both;">