Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update All patch-minor dependencies #186

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+287 −239
Open

Update All patch-minor dependencies #186

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 38 additions & 38 deletions build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@ plugins {
id 'application'
id 'idea'
id 'jacoco'
id 'io.spring.dependency-management' version '1.1.4'
id 'org.springframework.boot' version '3.1.12'
id 'com.github.ben-manes.versions' version '0.38.0'
id 'io.spring.dependency-management' version '1.1.7'
id 'org.springframework.boot' version '3.4.1'
id 'com.github.ben-manes.versions' version '0.51.0'
id 'org.sonarqube' version '5.1.0.4882'
id 'uk.gov.hmcts.java' version '0.12.55'
id 'uk.gov.hmcts.java' version '0.12.63'
id 'com.github.spacialcircumstances.gradle-cucumber-reporting' version '0.1.25'
}

Expand Down Expand Up @@ -219,14 +219,14 @@ sonarqube {
}

def versions = [
junit : '5.9.3',
junitPlatform : '1.9.3',
lombok : '1.18.30',
junit : '5.11.4',
junitPlatform : '1.11.4',
lombok : '1.18.36',
mapstruct : '1.4.2.Final',
reformLogging : '6.1.4',
reformLogging : '6.1.7',
springBoot : springBoot.class.package.implementationVersion,
testcontainers : '1.16.3',
jetty : '11.0.18'
testcontainers : '1.20.4',
jetty : '11.0.24'

]

Expand Down Expand Up @@ -260,10 +260,10 @@ dependencyManagement {
dependencies {

// CVE-2018-10237 - Unbounded memory allocation
dependencySet(group: 'com.google.guava', version: '33.0.0-jre') {
dependencySet(group: 'com.google.guava', version: '33.4.0-jre') {
entry 'guava'
}
dependencySet(group: 'org.apache.tomcat.embed', version: '10.1.16') {
dependencySet(group: 'org.apache.tomcat.embed', version: '10.1.34') {
entry 'tomcat-embed-core'
entry 'tomcat-embed-el'
entry 'tomcat-embed-websocket'
Expand Down Expand Up @@ -297,7 +297,7 @@ ext.libraries = [

dependencies {
runtimeOnly 'org.springframework.boot:spring-boot-properties-migrator'
implementation group: 'org.yaml', name: 'snakeyaml', version: '2.2'
implementation group: 'org.yaml', name: 'snakeyaml', version: '2.3'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-aop'
Expand All @@ -307,37 +307,37 @@ dependencies {
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation'
implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign'
implementation group: 'org.springframework.cloud', name: 'spring-cloud-openfeign-core'
implementation group: 'io.github.openfeign', name: 'feign-okhttp', version: '13.2.1'
implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib', version: '1.7.22'
implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib-common', version: '1.7.22'
implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib-jdk7', version: '1.7.22'
implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib-jdk8', version: '1.7.22'
implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.3.0'
implementation group: 'io.github.openfeign', name: 'feign-okhttp', version: '13.5'
implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib', version: '1.9.25'
implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib-common', version: '1.9.25'
implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib-jdk7', version: '1.9.25'
implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib-jdk8', version: '1.9.25'
implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.1'

implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: versions.reformLogging
implementation group: 'net.logstash.logback', name: 'logstash-logback-encoder', version: '7.4'
implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.4.12'
implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.4.12'
implementation group: 'org.slf4j', name: 'slf4j-api', version: '2.0.9'
implementation group: 'org.slf4j', name: 'jul-to-slf4j', version: '2.0.9'
implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.5.16'
implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.5.16'
implementation group: 'org.slf4j', name: 'slf4j-api', version: '2.0.16'
implementation group: 'org.slf4j', name: 'jul-to-slf4j', version: '2.0.16'
implementation group: 'com.github.hmcts.java-logging', name: 'logging-appinsights', version: versions.reformLogging

implementation group: 'javax.inject', name: 'javax.inject', version: '1'
implementation group: 'com.azure', name: 'azure-messaging-servicebus', version: '7.17.4'
implementation group: 'com.azure', name: 'azure-core', version: '1.52.0'
implementation group: 'com.azure', name: 'azure-core-amqp', version: '2.9.9'
implementation group: 'com.azure', name: 'azure-messaging-servicebus', version: '7.17.7'
implementation group: 'com.azure', name: 'azure-core', version: '1.54.1'
implementation group: 'com.azure', name: 'azure-core-amqp', version: '2.9.12'

implementation group: 'net.minidev', name: 'json-smart', version: '2.4.9'
implementation group: 'net.minidev', name: 'json-smart', version: '2.5.1'

// CVE Fixes
implementation group: 'org.glassfish', name: 'jakarta.el', version: '4.0.2' // CVE-2021-28170
implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.13' // CVE-2020-13956
implementation group: 'com.squareup.okio', name: 'okio', version: '3.4.0' // CVE-2023-3635
implementation group: 'org.eclipse.jgit', name: 'org.eclipse.jgit', version: '6.6.1.202309021850-r' // CVE-2023-4759
implementation group: 'net.minidev', name: 'json-smart', version: '2.4.11' // CVE-2023-1370
implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.14' // CVE-2020-13956
implementation group: 'com.squareup.okio', name: 'okio', version: '3.10.1' // CVE-2023-3635
implementation group: 'org.eclipse.jgit', name: 'org.eclipse.jgit', version: '6.10.0.202406032230-r' // CVE-2023-4759
implementation group: 'net.minidev', name: 'json-smart', version: '2.5.1' // CVE-2023-1370

implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
implementation group: 'commons-io', name: 'commons-io', version: '2.8.0'
implementation group: 'commons-io', name: 'commons-io', version: '2.18.0'

implementation group: 'org.projectlombok', name: 'lombok', version: versions.lombok
annotationProcessor group: 'org.projectlombok', name: 'lombok', version: versions.lombok
Expand All @@ -362,19 +362,19 @@ dependencies {
implementation group: 'org.eclipse.jetty', name: 'jetty-alpn-conscrypt-client', version: versions.jetty

// Explicitly set versions of io.netty components to resolve CVE-2021-37136 and CVE-2021-37137
implementation group: 'io.projectreactor.netty', name: 'reactor-netty-core', version: '1.1.15'
implementation group: 'io.projectreactor.netty', name: 'reactor-netty-http', version: '1.1.15'
implementation group: 'io.projectreactor.netty', name: 'reactor-netty-core', version: '1.2.1'
implementation group: 'io.projectreactor.netty', name: 'reactor-netty-http', version: '1.2.1'

runtimeOnly group: 'org.postgresql', name: 'postgresql', version: '42.5.5'
runtimeOnly group: 'org.postgresql', name: 'postgresql', version: '42.7.4'

testImplementation libraries.junit5
testImplementation 'org.apiguardian:apiguardian-api:1.0.0' // Temporary fix see https://github.com/junit-team/junit5/issues/1065
testImplementation 'org.apiguardian:apiguardian-api:1.1.2' // Temporary fix see https://github.com/junit-team/junit5/issues/1065
testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test', {
exclude group: 'junit', module: 'junit'
exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
}

testImplementation group: 'org.mockito', name: 'mockito-inline', version: '4.8.1'
testImplementation group: 'org.mockito', name: 'mockito-inline', version: '4.11.0'
testImplementation group: 'org.powermock', name: 'powermock-api-mockito2', version: '2.0.9'
testImplementation group: 'org.powermock', name: 'powermock-module-junit4', version: '2.0.9'
testImplementation group: 'org.testcontainers', name: 'postgresql', version: versions.testcontainers
Expand All @@ -393,7 +393,7 @@ dependencies {
functionalTestImplementation group: 'com.github.hmcts', name: 'befta-fw', version: '9.2.0'
functionalTestImplementation libraries.junit5

testImplementation 'com.github.hmcts:fortify-client:1.3.0:all', {
testImplementation 'com.github.hmcts:fortify-client:1.4.6:all', {
exclude group: 'org.slf4j', module: 'slf4j-api'
}
}
Expand Down
2 changes: 1 addition & 1 deletion gradle/wrapper/gradle-wrapper.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-all.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.12-all.zip
networkTimeout=10000
validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME
Expand Down
3 changes: 1 addition & 2 deletions gradlew
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,7 @@ done
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
' "$PWD" ) || exit
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit

# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
Expand Down
2 changes: 1 addition & 1 deletion infrastructure/.terraform-version
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.3.9
1.10.4
6 changes: 3 additions & 3 deletions queue-writer-util/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ application {
}

dependencies {
implementation "com.azure:azure-messaging-servicebus:7.0.1"
implementation "org.slf4j:slf4j-api:1.7.5"
implementation "org.slf4j:slf4j-simple:1.7.5"
implementation "com.azure:azure-messaging-servicebus:7.17.7"
implementation "org.slf4j:slf4j-api:1.7.36"
implementation "org.slf4j:slf4j-simple:1.7.36"
}
2 changes: 1 addition & 1 deletion queue-writer-util/gradle/wrapper/gradle-wrapper.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-6.7.1-all.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.4-all.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
Loading