[#863] Placed Dependencies and Dependency Versions In TOML file (#885)

* issue_863: Successfully moved all the dependencies to toml file and currently replacing dependencies listed in the build.gradle file with the ones referenced in the toml file * issue_863: finished updating dependency versions. Ready for PR * issue_863: downgraded versions since there was an issue with the dependencies versions and the ci/cd pipeline in git. will update each depedency slowly to ensure that upgrades are down correctly. * issue_863: upgrading this slowly but surely * issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes. * issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again) * issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again) partIII * issue_863: Part IV of upgrading this slowly to see if github's ci/cd is happy still with these set of changes (again) * issue_863: Part V of upgrading this slowly to see if github's ci/cd is happy still with these set of changes (again) * issue_863: Part VI of updating dependencies slowly * issue_863: Part VII of updating dependencies * issue_863: Part 8 of updating dependencies * issue_863: Part 9 of updating dependencies * issue_863: Part 10 of updating dependencies * issue_863: Part 12 of updating dependencies * issue_863: Part 13 of updating dependencies * issue_863: Part 14 of updating dependencies * issue_863: Part 15 of updating dependencies * issue_863: Updating tomcat core. * issue_863: removed some critical vulnerable dependencies * issue_863: updated spring boot version. second try at it. * issue_863: undid spring update. need to figure out how to smoothly transition to newer spring. * issue_863: updated spring boot, hibernate, and spring retry. Removed an unused dependency. * issue_863: removed unused dependencies and am currently resolving critical vulnerable dependendcies * issue_863: reverted changes from last commit. let's see if that makes a difference * issue_863: Updated gradle version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities. * issue_863: Updated gradle plugins version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities. * issue_863: Updated gradle plugins version again. Ready for PR. Vulnerability issues will be addressed in another PR. I've cut down vulnerabilities by quite a lot and I want to test the new OWASP plugin against the remaining vulnerabilities. * issue_863: Finishing touches to the PR. Upgraded some more dependencies and removed unused one. * issue_863: Removed testng from codebase. Has been officially replaced with spring junit.
2025-01-31 08:25:39 +00:00 · 2025-01-13 09:53:04 -05:00 · 2025-01-13 09:53:04 -05:00 · 11691e5b29
commit 11691e5b29
parent ad0966941d
14 changed files with 491 additions and 615 deletions
--- a/HIRS_AttestationCA/build.gradle
+++ b/HIRS_AttestationCA/build.gradle
@ -1,20 +1,6 @@
 plugins {
-    id 'java'
-    id 'io.spring.dependency-management' version '1.1.0'
+    id 'io.spring.dependency-management' version '1.1.7'
    id 'com.google.protobuf' version '0.9.4'
-    id 'checkstyle'
-}
-
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
-
-    flatDir { dirs "lib" }
 }

 configurations {
@ -27,63 +13,42 @@ dependencies {
    implementation project(':HIRS_Utils')
    implementation project(':HIRS_Structs')

-    implementation 'org.springframework.boot:spring-boot-starter-data-jpa:3.0.1'
-    implementation 'com.github.darrachequesne:spring-data-jpa-datatables:6.0.1'
-    implementation 'org.springframework.retry:spring-retry:2.0.0'
-    implementation libs.springdatajpa
-
    implementation libs.bouncycastle
    implementation libs.commons.codec
+    implementation libs.commons.io
    implementation libs.commons.lang3
-    implementation libs.jakarta.api
-    implementation libs.jakarta.xml
-    implementation libs.hibernate.core
-    implementation libs.pci
    implementation libs.guava
    implementation libs.jackson.core
    implementation libs.jackson.databind
+    implementation libs.jakarta.persistence.api
+    implementation libs.jakarta.xml
+    implementation libs.spring.boot.starter.log4j2
    implementation libs.minimal.json
+
+    // pull the pci dependency and ...
+    implementation libs.pci
+    // and explicitly include the patched version of the apache http client dependency
+    implementation libs.apacheHttpClient
+
    implementation libs.protobuf.java
-    implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
-    implementation 'org.apache.logging.log4j:log4j-api:2.19.0'
+    implementation libs.spring.boot.starter.data.jpa
+    implementation libs.spring.retry
+    implementation libs.spring.boot.starter.web
+    implementation libs.spring.framework.webmvc

-    testImplementation 'org.apache.directory.studio:org.apache.commons.io:2.4'
-    testImplementation 'org.hamcrest:hamcrest:2.2'
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
-    testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3'
-    testImplementation 'org.mockito:mockito-core:4.2.0'
-    testImplementation 'org.springframework:spring-test:6.0.8'
-
-    compileOnly "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
-    annotationProcessor "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
-
-    // spring management
    compileOnly libs.lombok
-    implementation libs.lombok
    annotationProcessor libs.lombok
+
+    compileOnly libs.spotbugs.annotations
+    annotationProcessor libs.spotbugs.annotations
+
+    testImplementation libs.commons.io
+    testImplementation libs.spring.boot.starter.test
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
 }
-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
+
 protobuf {
    protoc {
        artifact = 'com.google.protobuf:protoc:3.24.3'
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java
@ -19,10 +19,10 @@ public abstract class UserDefinedEntity extends ArchivableEntity {

    @Column(nullable = false, unique = true)
    @NonNull
-    private String name;
+    private String name = "";

    @ToString.Exclude
-    @Column(nullable = false, unique = false)
+    @Column(nullable = false)
    @NonNull
    private String description = "";

--- a/HIRS_AttestationCAPortal/build.gradle
+++ b/HIRS_AttestationCAPortal/build.gradle
@ -1,25 +1,17 @@
 plugins {
    id 'application'
-    id 'java'
    id 'war'
-    id 'com.netflix.nebula.ospackage' version '11.8.0'
-    id 'org.springframework.boot' version '3.0.6'
-    id 'io.spring.dependency-management' version '1.1.0'
-    id 'checkstyle'
+    id 'com.netflix.nebula.ospackage' version '11.10.0'
+    id 'org.springframework.boot' version '3.0.13'
+    id 'io.spring.dependency-management' version '1.1.7'
 }

 // Get version from main project gradle
-def packVersion = properties.get("packageVersion");
-def jarVersion = properties.get("jarVersion");
-def projVersion = properties.get("projVersion");
+def packVersion = properties.get("packageVersion")
+def jarVersion = properties.get("jarVersion")
+def projVersion = properties.get("projVersion")
 //println "packageVersion is ${projVersion}"

-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
 bootRun {
    if (project.hasProperty('debug')) {
        jvmArgs project.debug
@ -33,63 +25,40 @@ configurations {
    all*.exclude module: 'spring-boot-starter-logging'
 }

-repositories {
-    flatDir { dirs "lib" }
-    mavenCentral()
-}
-
 dependencies {
    implementation project(':HIRS_Utils')
    implementation project(':HIRS_AttestationCA')

-    implementation libs.pci
-    implementation libs.gson
    implementation libs.bouncycastle
    implementation libs.guava
+    implementation libs.gson
+    implementation libs.jakarta.persistence.api
    implementation libs.jakarta.servlet
-    implementation libs.jakarta.api
    implementation libs.jakarta.xml

-    implementation 'org.springframework.boot:spring-boot-starter-web'
-    implementation 'org.springframework.boot:spring-boot-starter-validation'
-    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
-    implementation 'org.springframework.boot:spring-boot-starter-log4j2'
-    implementation 'org.apache.logging.log4j:log4j-spring-boot'
-    implementation 'org.projectlombok:lombok'
-    implementation 'commons-fileupload:commons-fileupload:1.5'
-    implementation 'org.apache.tomcat.embed:tomcat-embed-jasper:10.1.5'
+    // pull the pci dependency and ...
+    implementation libs.pci
+    // and explicitly include the patched version of the apache http client dependency
+    implementation libs.apacheHttpClient

-    compileOnly 'org.projectlombok:lombok'
-    implementation 'org.mariadb.jdbc:mariadb-java-client:3.1.4'
-    annotationProcessor 'org.projectlombok:lombok'
-    providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat'
+    implementation libs.mariadb.java.client
+    implementation libs.spring.boot.starter.web
+    //implementation libs.spring.framework.webmvc
+    implementation libs.spring.boot.starter.validation
+    implementation libs.spring.boot.starter.data.jpa
+    implementation libs.spring.boot.starter.log4j2
+    implementation libs.tomcat.embed.jasper

-    testImplementation 'org.springframework.boot:spring-boot-starter-test'
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
-    testImplementation 'org.hsqldb:hsqldb'
-}
+    compileOnly libs.lombok
+    annotationProcessor libs.lombok

-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
+    providedRuntime libs.spring.boot.starter.tomcat
+
+    testImplementation libs.hsqldb
+    testImplementation libs.spring.boot.starter.test
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
 }

 test {
--- a/HIRS_Structs/build.gradle
+++ b/HIRS_Structs/build.gradle
@ -1,56 +1,19 @@
-plugins {
-    id 'java'
-    id 'checkstyle'
-}
-
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
-
-    flatDir { dirs "lib" }
-}
-
 dependencies {
-    implementation 'org.apache.commons:commons-lang3:3.13.0'
+    implementation libs.commons.lang3

-//    testCompile libs.mockito
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
-    testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3'
-    testImplementation 'org.hamcrest:hamcrest:2.2'
+    compileOnly libs.lombok
+    annotationProcessor libs.lombok
+
+    testImplementation libs.spring.boot.starter.test
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
 }

 test {
    useJUnitPlatform()
 }

-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
-
 //publishing {
 //    publications {
 //        maven(MavenPublication) {
@ -59,5 +22,3 @@ tasks.withType(Checkstyle) {
 //        }
 //    }
 //}
-
-
--- a/HIRS_Utils/build.gradle
+++ b/HIRS_Utils/build.gradle
@ -1,24 +1,8 @@
-plugins {
-    id 'java'
-    id 'checkstyle'
-}
 // Get version from main project gradle
 def packVersion = properties.get("packageVersion")
 def jarVersion = properties.get("jarVersion")
 //println "packageVersion is ${projVersion}"

-
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
-    flatDir { dirs "lib" }
-}
-
 configurations {
    compileOnly {
        extendsFrom annotationProcessor
@ -28,54 +12,33 @@ configurations {

 dependencies {
    implementation libs.bouncycastle
-    implementation libs.lombok
-    implementation libs.jackson.core
-    implementation libs.jackson.databind
-    implementation libs.jakarta.api
-    implementation libs.jakarta.xml
-    implementation libs.guava
    implementation libs.commons.codec
    implementation libs.commons.lang3
    implementation libs.commons.io
+    implementation libs.glassfish.jaxb.runtime
+    implementation libs.guava
+    implementation libs.jackson.core
+    implementation libs.jackson.databind
+    implementation libs.jakarta.persistence.api
+    implementation libs.jakarta.xml
+    implementation libs.spring.boot.starter.log4j2
    implementation libs.minimal.json
+
+    // pull the pci dependency and ...
    implementation libs.pci
+    // and explicitly include the patched version of the apache http client dependency
+    implementation libs.apacheHttpClient

-    implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
-    implementation 'org.apache.logging.log4j:log4j-api:2.19.0'
-    implementation 'org.glassfish.jaxb:jaxb-runtime:4.0.1'
-    implementation 'org.slf4j:slf4j-simple:1.7.30'
-
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
-    testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3'
-    testImplementation 'org.hamcrest:hamcrest:2.2'
-    testImplementation 'org.mockito:mockito-core:4.2.0'
-    testImplementation project(path: ':HIRS_AttestationCA')
+    implementation libs.slf4j.simple

    compileOnly libs.lombok
    annotationProcessor libs.lombok
-}

-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
+    testImplementation libs.spring.boot.starter.test
+    testImplementation project(path: ':HIRS_AttestationCA')
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
 }

 test {
--- a/build.gradle
+++ b/build.gradle
@ -1,9 +1,13 @@
+import com.github.spotbugs.snom.SpotBugsTask
+
 import java.util.concurrent.TimeUnit

 plugins {
    // Apply the application plugin to add support for building a CLI application in Java.
    id 'application'
-    id 'com.github.spotbugs' version '6.0.4' apply false
+    id 'checkstyle'
+    id 'com.github.spotbugs' version '6.0.13' apply false
+    id 'java'
 }

 // Global checkstyle file
@ -11,12 +15,44 @@ ext.checkstyleConfigFile = new File(rootDir, "/config/checkstyle/sun_checks.xml"

 subprojects {
    apply plugin: "com.github.spotbugs"
+    apply plugin: "java"
+    apply plugin: "checkstyle"
+
+    repositories {
+        flatDir { dirs "lib" }
+        mavenCentral()
+    }
+
+    java {
+        toolchain {
+            languageVersion = JavaLanguageVersion.of(17)
+        }
+    }
+
+    checkstyle {
+        toolVersion = '10.20.0'
+        configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
+    }
+
+    checkstyleMain {
+        source = 'src/main/java'
+    }
+    checkstyleTest {
+        source = 'src/test/java'
+    }
+
+    tasks.withType(Checkstyle).configureEach {
+        reports {
+            xml.required = false
+            html.required = true
+        }
+    }

    spotbugs {
        excludeFilter = file('config/spotbugs/spotbugs-exclude.xml')
    }

-    tasks.withType(com.github.spotbugs.snom.SpotBugsTask) {
+    tasks.withType(SpotBugsTask).configureEach {
        reports {
            html.required = true
        }
--- a/gradle.properties
+++ b/gradle.properties
@ -1,7 +1,5 @@
 excludeGroups=rhel-6,performance
 includeGroups=
 org.gradle.daemon=true
-org.gradle.jvmargs=-Xms256m -Xmx1024m
+org.gradle.jvmargs=-Xms1g -Xmx4g
 org.gradle.caching=true
-#dependency versions
-spotBugAnnotationVersion=4.8.6
--- a/gradle/versions.toml
+++ b/gradle/versions.toml
@ -0,0 +1,68 @@
+[versions]
+apacheHttpClientVersion = "4.5.14"
+bouncyCastleVersion = "1.79"
+commonsCodecVersion = "1.17.1"
+commonsIoVersion = "2.18.0"
+commonsLang3Version = "3.17.0"
+gsonVersion = "2.11.0"
+glassfishJakartaJsonVersion = "2.0.1"
+glassfishJaxbRuntimeVersion = "4.0.5"
+guavaVersion = "33.3.1-jre"
+jacksonVersion = "2.18.2"
+jakartaPersistenceApiVersion = "3.2.0"
+jakartaServletVersion = "3.0.0"
+jakartaXmlVersion = "4.0.2"
+jcommanderVersion = "2.0"
+lombokVersion = "1.18.36"
+mariadbVersion = "3.5.1"
+minimalJsonVersion = "0.9.5"
+ospackageVersion = "11.2.0"
+pciVersion = "0.3"
+protobufJavaVersion = "4.28.3"
+springBootVersion = "3.4.0"
+springCoreVersion = "6.2.1"
+springRetryVersion = "2.0.10"
+tomcatVersion = "10.1.33"
+
+#test dependencies versions
+hsqldbVersion = "2.7.3"
+slf4jVersion = "2.0.16"
+spotBugAnnotationVersion = "4.8.6"
+
+[libraries]
+apacheHttpClient = { module = "org.apache.httpcomponents:httpclient", version.ref = "apacheHttpClientVersion" }
+bouncycastle = { module = "org.bouncycastle:bcmail-jdk18on", version.ref = "bouncyCastleVersion" }
+commons-codec = { module = "commons-codec:commons-codec", version.ref = "commonsCodecVersion" }
+commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" }
+commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" }
+gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" }
+glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" }
+glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" }
+guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" }
+jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" }
+jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" }
+jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaPersistenceApiVersion" }
+jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" }
+jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" }
+jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" }
+lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" }
+mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" }
+minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" }
+pci = { module = "com.github.marandus:pci-ids", version.ref = "pciVersion" }
+protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobufJavaVersion" }
+slf4j-simple = { module = "org.slf4j:slf4j-simple", version.ref = "slf4jVersion" }
+spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa", version.ref = "springBootVersion" }
+spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-starter-log4j2", version.ref = "springBootVersion" }
+spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" }
+spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" }
+spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" }
+spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
+spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" }
+tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" }
+
+# test dependencies
+hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" }
+spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" }
+spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" }
+
+[plugins]
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
 networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
--- a/settings.gradle
+++ b/settings.gradle
@ -9,34 +9,8 @@ include 'HIRS_Utils',

 dependencyResolutionManagement {
    versionCatalogs {
-        libs {
-            version('springboot', '3.0.1')
-            version('jackson', '2.14.2')
-            library('commons-codec', 'commons-codec:commons-codec:1.15')
-            library('commons_io',    'commons-io:commons-io:2.11.0')
-            library('commons-lang3', 'org.apache.commons:commons-lang3:3.13.0')
-            library('bouncycastle', 'org.bouncycastle:bcmail-jdk18on:1.77')
-            library('glassfish_json',   'org.glassfish:javax.json:1.1.4')
-            library('glassfish_jaxb_runtime',   'org.glassfish.jaxb:jaxb-runtime:2.3.1')
-            library('gson', 'com.google.code.gson:gson:2.10.1')
-            library('guava', 'com.google.guava:guava:31.1-jre')
-            library('minimal-json', 'com.eclipsesource.minimal-json:minimal-json:0.9.5')
-            library('protobuf-java', 'com.google.protobuf:protobuf-java:3.24.1')
-            library('jakarta-servlet', 'org.glassfish.web:jakarta.servlet.jsp.jstl:3.0.0')
-            library('jakarta-api', 'jakarta.persistence:jakarta.persistence-api:3.1.0')
-            library('jakarta-xml', 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.0')
-            library('jcommander',    'org.jcommander:jcommander:1.83')
-            library('hibernate-core', 'org.hibernate:hibernate-core:6.1.7.Final')
-            library('jackson-core', 'com.fasterxml.jackson.core', 'jackson-core').versionRef('jackson')
-            library('jackson-databind', 'com.fasterxml.jackson.core', 'jackson-databind').versionRef('jackson')
-            library('pci', 'com.github.marandus:pci-ids:0.3')
-            library('ospackage', 'com.netflix.nebula:gradle-ospackage-plugin:11.2.0')
-            library('springdatajpa', 'org.springframework.boot:spring-boot-starter-web:3.0.1')
-//            library('spring-datajpa', 'org.springframework.boot', 'spring-boot-starter-data-jpa').version('springboot')
-//            library('spring-datajpa', 'org.springframework.boot', 'spring-boot-starter-web').version('springboot')
-//            library('spring-datajpa', 'org.springframework.boot', 'spring-boot-starter-validation').version('springboot')
-            library('lombok', 'org.projectlombok:lombok:1.18.26')
-            library('testng', 'org.testng:testng:7.4.0')
+        create("libs") {
+            from(files("gradle/versions.toml"))
        }
    }
 }
--- a/tools/tcg_eventlog_tool/build.gradle
+++ b/tools/tcg_eventlog_tool/build.gradle
@ -1,52 +1,18 @@
-import java.util.concurrent.TimeUnit
 plugins {
-      id "java"
-      id "com.netflix.nebula.ospackage" version "11.4.0"
-      id 'checkstyle'
+    id "com.netflix.nebula.ospackage" version "11.10.0"
 }
 // Get version from main project gradle
 def packVersion = properties.get("packageVersion");
 def jarVersion = properties.get("jarVersion");

-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
-    flatDir { dirs "lib" }
-}
-
 dependencies {
    implementation project(':HIRS_Utils')
-    implementation libs.jcommander
    implementation libs.commons.io
+    implementation libs.jcommander
 }

 ext.configDir = new File(projectDir, 'config')

-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source ='src/main/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
-
 jar {
    // Keep jar clean:
    exclude 'META-INF/*.SF', 'META-INF/*.DSA', 'META-INF/*.RSA', 'META-INF/*.MF'
--- a/tools/tcg_rim_tool/build.gradle
+++ b/tools/tcg_rim_tool/build.gradle
@ -1,70 +1,40 @@
 plugins {
-       id "java"
-       id 'com.netflix.nebula.ospackage' version '11.4.0'
-       id 'com.intershop.gradle.jaxb' version '5.1.0'
-       id 'checkstyle'
+    id 'com.netflix.nebula.ospackage' version '11.10.0'
+    id 'com.intershop.gradle.jaxb' version '7.0.1'
 }

 // Get version from main project gradle
 def packVersion = properties.get("packageVersion");
 def jarVersion = properties.get("jarVersion");

-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-	mavenCentral()
-	flatDir { dirs "lib" }
-}
-
 dependencies {
    implementation project(':HIRS_Utils')

    implementation libs.bouncycastle
-	implementation libs.glassfish.json
-	implementation libs.glassfish.jaxb.runtime
-	implementation libs.jcommander
-	implementation libs.jakarta.api
-	implementation libs.jakarta.xml
    implementation libs.commons.codec
-	implementation libs.hibernate.core
-	implementation libs.jackson.databind
-	implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
+    implementation libs.glassfish.jakarta.json
+    implementation libs.glassfish.jaxb.runtime
    implementation libs.guava
+    implementation libs.jcommander
+    implementation libs.jackson.databind
+    implementation libs.jakarta.persistence.api
+    implementation libs.jakarta.xml
+    implementation libs.spring.boot.starter.log4j2
+    implementation libs.spring.boot.starter.data.jpa

    compileOnly libs.lombok
-    implementation libs.lombok
    annotationProcessor libs.lombok

-    testImplementation libs.testng
+    testImplementation libs.spring.boot.starter.test
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
+
 }
 test {
    testLogging.showStandardStreams true
 }

-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source ='src/main/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
-
 jar {
    exclude 'META-INF/*.SF', 'META-INF/*.DSA', 'META-INF/*.RSA', 'META-INF/*.MF'
    duplicatesStrategy = DuplicatesStrategy.EXCLUDE
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
@ -9,6 +9,10 @@ import hirs.utils.xjc.ObjectFactory;
 import hirs.utils.xjc.ResourceCollection;
 import hirs.utils.xjc.SoftwareIdentity;
 import hirs.utils.xjc.SoftwareMeta;
+import jakarta.json.Json;
+import jakarta.json.JsonException;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonReader;
 import jakarta.xml.bind.JAXBContext;
 import jakarta.xml.bind.JAXBElement;
 import jakarta.xml.bind.JAXBException;
@ -17,10 +21,6 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;

-import javax.json.Json;
-import javax.json.JsonException;
-import javax.json.JsonObject;
-import javax.json.JsonReader;
 import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.XMLStructure;
 import javax.xml.crypto.dom.DOMStructure;
@ -190,6 +190,7 @@ public class SwidTagGateway {

    /**
     * Setter for timestamp format in XML signature
+     *
     * @param timestampFormat
     */
    public void setTimestampFormat(String timestampFormat) {
@ -198,6 +199,7 @@ public class SwidTagGateway {

    /**
     * Setter for timestamp input - RFC3852 + file or RFC3339 + value
+     *
     * @param timestampArgument
     */
    public void setTimestampArgument(String timestampArgument) {
@ -555,6 +557,7 @@ public class SwidTagGateway {
            addNonNullAttribute(attributes, key, value);
        }
    }
+
    /**
     * This utility method checks if an attribute value is empty before adding it to the map.
     *
@ -707,6 +710,7 @@ public class SwidTagGateway {
    /**
     * This method creates a timestamp element and populates it with data according to
     * the RFC format set in timestampFormat.  The element is returned within an XMLObject.
+     *
     * @param doc        the Document representing the XML to be signed
     * @param sigFactory the SignatureFactory object
     * @return an XMLObject containing the timestamp element
--- a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
@ -1,20 +1,19 @@
 package hirs.swid;

 import hirs.utils.rim.ReferenceManifestValidator;
+import org.junit.jupiter.api.Test;
+import org.springframework.test.context.event.annotation.AfterTestClass;
+import org.springframework.test.context.event.annotation.BeforeTestClass;

 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;

-import org.testng.Assert;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.Test;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+

 public class TestSwidTagGateway {
-	private SwidTagGateway gateway;
-	private ReferenceManifestValidator validator;
    private final String DEFAULT_OUTPUT = "generated_swidTag.swidtag";
    private final String BASE_USER_CERT = "generated_user_cert.swidtag";
    private final String BASE_USER_CERT_EMBED = "generated_user_cert_embed.swidtag";
@ -35,9 +34,11 @@ public class TestSwidTagGateway {
            .getResource("TpmLog.bin").getPath();
    private final String RFC3852_COUNTERSIGNATURE_FILE = TestSwidTagGateway.class.getClassLoader()
            .getResource("counterSignature.file").getPath();
+    private SwidTagGateway gateway;
+    private ReferenceManifestValidator validator;
    private InputStream expectedFile;

-	@BeforeClass
+    @BeforeTestClass
    public void setUp() throws Exception {
        gateway = new SwidTagGateway();
        gateway.setRimEventLog(SUPPORT_RIM_FILE);
@ -47,7 +48,7 @@ public class TestSwidTagGateway {
        validator.setTrustStoreFile(CA_CHAIN_FILE);
    }

-	@AfterClass
+    @AfterTestClass
    public void tearDown() throws Exception {
        if (expectedFile != null) {
            expectedFile.close();
@ -68,9 +69,9 @@ public class TestSwidTagGateway {
        gateway.generateSwidTag(DEFAULT_OUTPUT);
        expectedFile = TestSwidTagGateway.class.getClassLoader()
                .getResourceAsStream(BASE_USER_CERT);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
        validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
    }

    /**
@ -88,9 +89,9 @@ public class TestSwidTagGateway {
        gateway.generateSwidTag(DEFAULT_OUTPUT);
        expectedFile = TestSwidTagGateway.class.getClassLoader()
                .getResourceAsStream(BASE_USER_CERT_EMBED);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
        validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
    }

    /**
@ -104,9 +105,9 @@ public class TestSwidTagGateway {
        gateway.generateSwidTag(DEFAULT_OUTPUT);
        expectedFile = TestSwidTagGateway.class.getClassLoader()
                .getResourceAsStream(BASE_DEFAULT_CERT);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
        validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
    }

    /**
@ -122,9 +123,9 @@ public class TestSwidTagGateway {
        gateway.generateSwidTag(DEFAULT_OUTPUT);
        expectedFile = TestSwidTagGateway.class.getClassLoader()
                .getResourceAsStream(BASE_RFC3339_TIMESTAMP);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
        validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
    }

    /**
@ -140,9 +141,9 @@ public class TestSwidTagGateway {
        gateway.generateSwidTag(DEFAULT_OUTPUT);
        expectedFile = TestSwidTagGateway.class.getClassLoader()
                .getResourceAsStream(BASE_RFC3852_TIMESTAMP);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
        validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
    }

    /**
@ -155,11 +156,12 @@ public class TestSwidTagGateway {
                .getResource(BASE_USER_CERT).getPath();
        System.out.println("Validating file at " + filepath);
        validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
    }

    /**
     * This method compares two files by bytes to determine if they are the same or not.
+     *
     * @param file to be compared to the expected value.
     * @return true if they are equal, false if not.
     */