Merge pull request #16498 from pdeslaur/cve-fixes-keycloak

cve fixes: keycloak + tkn

Author: rawlingsj

keycloak.yaml

@@ -1,7 +1,7 @@
 package:
   name: keycloak
   version: 24.0.2
-  epoch: 0
+  epoch: 1
   description: Open Source Identity and Access Management For Modern Applications and Services
   copyright:
     - license: Apache-2.0
@@ -32,6 +32,8 @@ pipeline:
       tag: ${{package.version}}
       expected-commit: 6a5783e9d538a1e67512fe43abe7b15ca6eed5c2
 
+  - uses: maven/pombump
+
   - runs: |
       # Keycloak installation. Note we use the maven wrapper as configured in
       # the source repo to build - ensures the correct maven version for

keycloak/pombump-deps.yaml

@@ -0,0 +1,5 @@
+patches:
+  - groupId: io.netty
+    artifactId: netty-codec-http
+    version: 4.1.108.Final
+    scope: import

tkn.yaml

@@ -1,7 +1,7 @@
 package:
   name: tkn
   version: 0.36.0
-  epoch: 1
+  epoch: 2
   description: A CLI for interacting with Tekton!
   copyright:
     - license: Apache-2.0
@@ -21,6 +21,10 @@ pipeline:
       tag: v${{package.version}}
       expected-commit: e0dddfbda5fb559695610b4bd583df3969484dd0
 
+  - uses: go/bump
+    with:
+      deps: github.com/docker/[email protected]
+
   - runs: |
       make bin/tkn
       install -Dm755 ./bin/tkn ${{targets.destdir}}/usr/bin/tkn