Snyk May Review (#7702)

* fixed 89 & 284 * fixed 287 & 770 * testing modified package back to original * fixed backages error * updated all high and critical * modified runtime class * modified liquibase version to 4.20.0 to fix error * updated liquibase version * updated liquibase to 4.27.0 * upgrade libraries * added to build.gradle * modified source Compatibility to fix Deprecated Gradle features error * modified to use the java { } * change source version back to original * changed org.postgresql:postgresql back to version 42.6.1 to fix vulnerability
CDCgov · Jun 5, 2024 · 5fdc224 · 5fdc224
1 parent d5de310
commit 5fdc224
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 11 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -12,7 +12,9 @@ plugins {
 
 group = 'gov.cdc.usds'
 version = '0.0.1-SNAPSHOT'
-sourceCompatibility = '17'
+java {
+    sourceCompatibility = JavaVersion.VERSION_17
+}
 
 ext {
     set('springCloudVersion', "2022.0.4")
@@ -29,7 +31,7 @@ jar {
 
 dependencies {
     // core infrastructure
-    implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-web:3.2.0'
     implementation 'org.springframework.boot:spring-boot-starter-cache'
     implementation 'org.springframework.boot:spring-boot-actuator'
     implementation 'org.springframework.boot:spring-boot-actuator-autoconfigure'
@@ -58,6 +60,8 @@ dependencies {
      */
     implementation 'com.squareup.okio:okio:3.9.0'
     implementation 'org.springframework:spring-core:6.0.16'
+    implementation 'org.springframework.security:spring-security-core:6.1.8'
+    implementation 'org.springframework.security:spring-security-oauth2-client:6.1.7'
 
     // non-pinned security dependencies
     implementation 'org.owasp.encoder:encoder:1.2'
@@ -66,8 +70,8 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'io.hypersistence:hypersistence-utils-hibernate-62:3.5.2' // this provides additional types for JsonB and for ListArray types in Postgres
-    implementation 'org.liquibase:liquibase-core'
-    implementation 'org.postgresql:postgresql'
+    implementation 'org.liquibase:liquibase-core:4.27.0'
+    implementation 'org.postgresql:postgresql:42.6.1'
 
     // data validation
     implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.28'
@@ -79,6 +83,7 @@ dependencies {
     implementation 'com.fasterxml.jackson.datatype:jackson-datatype-hibernate6'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
 
+
     // Okta dependencies
     implementation 'com.okta.spring:okta-spring-boot-starter:3.0.5'
     implementation "com.okta.sdk:okta-sdk-api:${oktaVersion}"

diff --git a/backend/gradle.lockfile b/backend/gradle.lockfile
@@ -56,7 +56,7 @@ com.okta.sdk:okta-sdk-impl:13.0.2=runtimeClasspath
 com.okta.spring:okta-spring-boot-starter:3.0.5=compileClasspath,runtimeClasspath
 com.okta.spring:okta-spring-sdk:3.0.5=compileClasspath,runtimeClasspath
 com.okta.spring:okta-spring-security-oauth2:3.0.5=compileClasspath,runtimeClasspath
-com.opencsv:opencsv:5.7.1=compileClasspath,runtimeClasspath
+com.opencsv:opencsv:5.9=compileClasspath,runtimeClasspath
 com.sendgrid:java-http-client:4.5.0=compileClasspath,runtimeClasspath
 com.sendgrid:sendgrid-java:4.10.1=compileClasspath,runtimeClasspath
 com.smartystreets.api:smartystreets-java-sdk:3.14.1=compileClasspath,runtimeClasspath
@@ -136,7 +136,7 @@ net.minidev:json-smart:2.4.11=compileClasspath,runtimeClasspath
 org.antlr:antlr4-runtime:4.10.1=compileClasspath,runtimeClasspath
 org.apache.commons:commons-collections4:4.4=compileClasspath,runtimeClasspath
 org.apache.commons:commons-lang3:3.12.0=compileClasspath,runtimeClasspath
-org.apache.commons:commons-text:1.10.0=compileClasspath,runtimeClasspath
+org.apache.commons:commons-text:1.11.0=compileClasspath,runtimeClasspath
 org.apache.httpcomponents.client5:httpclient5:5.2.3=compileClasspath,runtimeClasspath
 org.apache.httpcomponents.core5:httpcore5-h2:5.2.4=compileClasspath,runtimeClasspath
 org.apache.httpcomponents.core5:httpcore5:5.2.4=compileClasspath,runtimeClasspath
@@ -171,11 +171,11 @@ org.jetbrains.kotlin:kotlin-stdlib-common:1.8.22=compileClasspath,runtimeClasspa
 org.jetbrains.kotlin:kotlin-stdlib:1.8.22=compileClasspath,runtimeClasspath
 org.jetbrains:annotations:13.0=compileClasspath,runtimeClasspath
 org.json:json:20231013=compileClasspath,runtimeClasspath
-org.liquibase:liquibase-core:4.20.0=compileClasspath,runtimeClasspath
+org.liquibase:liquibase-core:4.27.0=compileClasspath,runtimeClasspath
 org.openapitools:jackson-databind-nullable:0.2.6=compileClasspath,runtimeClasspath
 org.ow2.asm:asm:9.3=compileClasspath,runtimeClasspath
 org.owasp.encoder:encoder:1.2=compileClasspath,runtimeClasspath
-org.postgresql:postgresql:42.6.0=compileClasspath,runtimeClasspath
+org.postgresql:postgresql:42.6.1=compileClasspath,runtimeClasspath
 org.projectlombok:lombok:1.18.30=compileClasspath
 org.reactivestreams:reactive-streams:1.0.4=compileClasspath,runtimeClasspath
 org.slf4j:jcl-over-slf4j:2.0.9=compileClasspath,runtimeClasspath
@@ -197,7 +197,7 @@ org.springframework.boot:spring-boot-starter-security:3.1.7=compileClasspath,run
 org.springframework.boot:spring-boot-starter-thymeleaf:3.1.7=compileClasspath,runtimeClasspath
 org.springframework.boot:spring-boot-starter-tomcat:3.1.7=compileClasspath,runtimeClasspath
 org.springframework.boot:spring-boot-starter-validation:3.1.7=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-web:3.1.7=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-web:3.2.0=compileClasspath,runtimeClasspath
 org.springframework.boot:spring-boot-starter:3.1.7=compileClasspath,runtimeClasspath
 org.springframework.boot:spring-boot:3.1.7=compileClasspath,runtimeClasspath
 org.springframework.cloud:spring-cloud-commons:4.0.4=compileClasspath,runtimeClasspath
@@ -211,9 +211,9 @@ org.springframework.data:spring-data-commons:3.1.7=compileClasspath,runtimeClass
 org.springframework.data:spring-data-jpa:3.1.7=compileClasspath,runtimeClasspath
 org.springframework.graphql:spring-graphql:1.2.4=compileClasspath,runtimeClasspath
 org.springframework.security:spring-security-config:6.1.6=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-core:6.1.6=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-core:6.1.8=compileClasspath,runtimeClasspath
 org.springframework.security:spring-security-crypto:6.1.6=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-oauth2-client:6.1.6=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-oauth2-client:6.1.7=compileClasspath,runtimeClasspath
 org.springframework.security:spring-security-oauth2-core:6.1.6=compileClasspath,runtimeClasspath
 org.springframework.security:spring-security-oauth2-jose:6.1.6=compileClasspath,runtimeClasspath
 org.springframework.security:spring-security-oauth2-resource-server:6.1.6=compileClasspath,runtimeClasspath