Update to version v3.2.9 (#196)

Author: kamyarz-aws

CHANGELOG.md

@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.9] - 2024-06-21
+
+### Updated
+
+- Updated braces from 3.0.2 to 3.0.3 to mitigate security vulnerability [CVE-2024-4068](https://avd.aquasec.com/nvd/2024/cve-2024-4068)
+- Updated ejs from 3.1.9 to 3.1.10 to mitigate security vulnerability [CVE-2024-33883](https://avd.aquasec.com/nvd/2024/cve-2024-33883)
+- Updated ws from 7.5.9 to 7.5.10 to mitigate security vulnerability [CVE-2024-37890](https://github.com/advisories/GHSA-3h5v-q93c-6h6q)
+- Updated json-path from 2.7.0 to 2.9.0 to mitigate security vulnerability [CVE-2023-51074](https://nvd.nist.gov/vuln/detail/CVE-2023-51074)
+- Updated taurus from 1.16.29 to 1.16.31
+
 ## [3.2.8] - 2024-04-15
 
 ### Updated

VERSION.txt

@@ -1 +1 @@
-3.2.8
+3.2.9

deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile

@@ -1,4 +1,4 @@
-FROM blazemeter/taurus:1.16.29
+FROM blazemeter/taurus:1.16.31
 # taurus includes python and pip
 RUN /usr/bin/python3 -m pip install --upgrade pip
 RUN pip install --no-cache-dir awscli
@@ -41,10 +41,8 @@ RUN pip install cryptography==42.0.5
 RUN rm -rf /root/.bzt/python-packages/3.10.12/cryptography*
 RUN cp -r /usr/local/lib/python3.10/dist-packages/cryptography* /root/.bzt/python-packages/3.10.12/
 
-# Replacing Pillow with more stable version resolve CVE-2023-50447	
-RUN rm -rf /root/.local/lib/python3.10/site-packages/Pillow*
-RUN pip install pillow==10.3.0 
-RUN cp -r /usr/local/lib/python3.10/dist-packages/pillow* /root/.local/lib/python3.10/site-packages/
+# Removing dotnet dependencies as NUnit and Xunit is not supported in DLT
+RUN rm -rf /usr/share/dotnet
 
 # Replacing aiohttp with more stable version to resolve CVE-2024-23334
 RUN rm -rf /usr/local/lib/python3.10/dist-packages/aiohttp* 

deployment/ecr/distributed-load-testing-on-aws-load-tester/jar_updater.py

@@ -18,6 +18,7 @@
     * lets-plot-batik v2.2.1 will be replaced with 4.2.0
     * commons-net v3.8.0 will be replaced with v3.9.0
     * tika-core v1.28.3 will be replaced with v2.9.2
+    * json-path v2.7.0 will be replaced with v2.9.0
 
 Also jmeter plugins manager will be updated to v1.10 to address CVEs and cmdrunner will be updated to v2.3 to accomodate with plugins manager.
 """
@@ -34,7 +35,7 @@
     "lets-plot-batik":  "org/jetbrains/lets-plot/lets-plot-batik/4.2.0/lets-plot-batik-4.2.0.jar",
     "commons-net": "commons-net/commons-net/3.9.0/commons-net-3.9.0.jar",
     "tika-core": "org/apache/tika/tika-core/2.9.2/tika-core-2.9.2.jar",
-
+    "json-path": "com/jayway/jsonpath/json-path/2.9.0/json-path-2.9.0.jar"
 }
 JMETER_VERSION = "5.5"
 JMETER_PLUGINS_MANAGER_VERSION = "1.10"

source/api-services/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "api-services",
-  "version": "3.2.8",
+  "version": "3.2.9",
   "description": "REST API micro services",
   "repository": {
     "type": "git",