From 99221619baacf70d8bd8e54148576acddeb4149f Mon Sep 17 00:00:00 2001
From: Erik van Oosten
Date: Sat, 8 Feb 2025 11:26:54 +0100
Subject: [PATCH] Upgrade undertow, report dependencies to GitHub
Undertow < 2.2.30.Final has multiple security alerts (e.g. https://github.com/zio/zio-streams-compress/security/dependabot/14). This upgrades Undertow to the fixed version. Also add a workflow for reporting the dependencies to GitHub, allowing security warnings from GitHub.
---
 .github/workflows/dependency-graph.yml | 13 +++++++++++++
 build.sbt | 2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/dependency-graph.yml
diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml
new file mode 100644
index 00000000..14760f0e
--- /dev/null
+++ b/.github/workflows/dependency-graph.yml
@@ -0,0 +1,13 @@
+name: Update Dependency Graph
+on:
+ push:
+ branches:
+ - main
+jobs:
+ dependency-graph:
+ name: Update Dependency Graph
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: sbt/setup-sbt@v1
+ - uses: scalacenter/sbt-dependency-submission@v2
diff --git a/build.sbt b/build.sbt
index 413f0c3a..50812ae1 100644
--- a/build.sbt
+++ b/build.sbt
@@ -269,7 +269,7 @@ lazy val mdoc = project
 "com.googlecode.java-diff-utils" % "diffutils" % "1.3.0",
 "io.methvin" % "directory-watcher" % "0.18.0",
 // live reload
- "io.undertow" % "undertow-core" % "2.2.24.Final",
+ "io.undertow" % "undertow-core" % "2.2.30.Final",
 "org.jboss.xnio" % "xnio-nio" % "3.8.16.Final",
 "org.slf4j" % "slf4j-api" % "2.0.16",
 "org.scalameta" %% "metaconfig-typesafe-config" % V.metaconfig,
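Review bot: The new job in `.github/workflows/dependency-graph.yml` declares no `permissions:` block, so what its `GITHUB_TOKEN` may do is left to the repository or organisation default. `scalacenter/sbt-dependency-submission` needs write access to submit the graph, so with a read-only default the submission is likely to be rejected, and with a permissive default the job holds more than it needs. Adding `permissions:` with `contents: write` under `dependency-graph:` makes the grant explicit and minimal. All three `uses:` steps also reference mutable tags (`@v3`, `@v1`, `@v2`); since they run with that write-capable token, pinning each to a full commit SHA, with the tag kept in a trailing comment, would prevent a retagged release from changing what runs on `main`.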