From b9cbb77ec276a4cd3071f801533e420f46b05c09 Mon Sep 17 00:00:00 2001
From: Ilyes Ben Dlala
Date: Tue, 16 Apr 2024 16:18:23 +0200
Subject: [PATCH 1/2] Fix kubernetes client-java being upgraded to legacy version

Signed-off-by: Ilyes Ben Dlala
---
 hooks/persistence-defectdojo/hook/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hooks/persistence-defectdojo/hook/build.gradle b/hooks/persistence-defectdojo/hook/build.gradle
index 140f59ce9b..55afe18750 100644
--- a/hooks/persistence-defectdojo/hook/build.gradle
+++ b/hooks/persistence-defectdojo/hook/build.gradle
@@ -24,7 +24,7 @@ repositories {
 dependencies {
 implementation group: "io.securecodebox", name: "defectdojo-client", version: "2.0.1"
- implementation group: "io.kubernetes", name: "client-java", version: "20.0.1-legacy"
+ implementation group: "io.kubernetes", name: "client-java", version: "20.0.1"
 implementation group: "org.springframework", name: "spring-web", version: "6.1.6"
 implementation group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.17.0"
 implementation group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.17.0"
From 53a2d57c84464513fc36844440d2bad2d906954b Mon Sep 17 00:00:00 2001
From: Ilyes Ben Dlala
Date: Tue, 16 Apr 2024 16:19:50 +0200
Subject: [PATCH 2/2] Attempt to disallow upgrades to *-legacy for kubernetes java client

Ref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore
Signed-off-by: Ilyes Ben Dlala
---
 .github/dependabot.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 163994e5b1..03d0959d93 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -32,6 +32,9 @@ updates:
 directory: "/hooks/persistence-defectdojo/hook"
 schedule:
 interval: "weekly"
+ ignore:
+ - dependency-name: "io.kubernetes:client-java"
+ versions: ["*-legacy"]
 groups:
 gradle-security-updates:
 applies-to: security-updates
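Review bot: The `versions: ["*-legacy"]` glob in the new `ignore` entry is not obviously a range Dependabot accepts for Gradle — the linked docs describe `versions` as using the package manager's own range syntax, and the commit title itself calls this an attempt — so it should be confirmed against the next Dependabot run before it is relied on to keep `client-java` off the `-legacy` artifact. Pairing it with a comment would preserve the intent if the syntax has to change, e.g. `# client-java "-legacy" artifacts are not newer releases; do not let Dependabot propose them`. Keep the match as narrow as it is here, since `ignore` conditions also apply to Dependabot security updates and a broader pattern could suppress a genuine fix for this dependency. This entry is scoped to the `/hooks/persistence-defectdojo/hook` update block, so any other Gradle project in the repository that depends on `io.kubernetes:client-java` would need the same ignore in its own `updates` entry.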