issue_863: Updated gradle version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities.

TheSilentCoder 2024-12-17 14:58:41 -05:00
parent 301689ddb6
commit 1c39f8d9d5
9 changed files with 32 additions and 54 deletions


@ -1,5 +1,5 @@
plugins {
id 'io.spring.dependency-management' version '1.1.0'
id 'io.spring.dependency-management' version '1.1.2'
id 'com.google.protobuf' version '0.9.4'
}
@ -18,28 +18,28 @@ dependencies {
implementation libs.commons.codec
implementation libs.commons.io
implementation libs.commons.lang3
implementation libs.hibernate.core
implementation libs.guava
implementation libs.jackson.core
implementation libs.jackson.databind
implementation libs.jakarta.persistence.api
implementation libs.jakarta.xml
implementation libs.log4j.api
implementation libs.log4j.core
implementation libs.spring.boot.starter.log4j2
implementation libs.minimal.json
// pull the pci dependency and ...
implementation(libs.pci) {
// replace the default apache http client transitive dependency
// explicitly exclude the default apache http client transitive dependency
exclude group: 'org.apache.httpcomponents', module: 'httpclient'
}
// with the non-vulnerable version of the apache http client dependency
// and explicitly include the patched version of the apache http client dependency
implementation libs.apacheHttpClient
implementation libs.protobuf.java
implementation libs.spring.boot.starter.data.jpa
implementation libs.spring.retry
implementation libs.spring.boot.starter.web
// pull the spring-boot-starter-web dependency and ...
implementation(libs.spring.boot.starter.web)
compileOnly libs.lombok
annotationProcessor libs.lombok
@ -48,11 +48,7 @@ dependencies {
annotationProcessor libs.spotbugs.annotations
testImplementation libs.commons.io
testImplementation libs.hamcrest
testImplementation libs.junit.jupiter
testImplementation libs.junit.platform.launcher
testImplementation libs.mockito.core
testImplementation libs.spring.test
testImplementation libs.spring.boot.starter.test
testCompileOnly libs.lombok
testAnnotationProcessor libs.lombok
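Review bot: The comment `// pull the spring-boot-starter-web dependency and ...` trails off, and the line under it, `implementation(libs.spring.boot.starter.web)`, has no configuration closure, so nothing is excluded or replaced for that starter. If a vulnerable transitive dependency was meant to be excluded here the way `httpclient` is excluded from `libs.pci`, that exclusion is not in effect; otherwise go back to the plain `implementation libs.spring.boot.starter.web` and drop the comment. The same pair appears in the next file section. The `exclude` on `libs.pci` also only covers that one path, so a `constraints { }` entry for httpclient in the `dependencies` block would hold the patched version on every path that brings it in. Which lines are old and which are new is inferred from print order, since the page has lost its +/- markers.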


@ -3,7 +3,7 @@ plugins {
id 'war'
id 'com.netflix.nebula.ospackage' version '11.8.0'
id 'org.springframework.boot' version '3.0.8'
id 'io.spring.dependency-management' version '1.1.0'
id 'io.spring.dependency-management' version '1.1.2'
}
// Get version from main project gradle
@ -35,18 +35,20 @@ dependencies {
implementation libs.jakarta.persistence.api
implementation libs.jakarta.servlet
implementation libs.jakarta.xml
implementation libs.log4j.spring.boot
// pull the pci dependency and ...
implementation(libs.pci) {
// replace the default apache http client transitive dependency
// explicitly exclude the default apache http client transitive dependency
exclude group: 'org.apache.httpcomponents', module: 'httpclient'
}
// with the non-vulnerable version of the apache http client dependency
// and explicitly include the patched version of the apache http client dependency
implementation libs.apacheHttpClient
implementation libs.mariadb.java.client
implementation libs.spring.boot.starter.web
// pull the spring-boot-starter-web dependency and ...
implementation(libs.spring.boot.starter.web)
implementation libs.spring.boot.starter.validation
implementation libs.spring.boot.starter.data.jpa
implementation libs.spring.boot.starter.log4j2
@ -57,7 +59,6 @@ dependencies {
providedRuntime libs.spring.boot.starter.tomcat
testImplementation libs.junit.jupiter
testImplementation libs.hsqldb
testImplementation libs.spring.boot.starter.test
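Review bot: `id 'org.springframework.boot' version '3.0.8'` appears to stay unchanged in the plugins block while the version catalog moves `springBootVersion` to 3.4.0. With `io.spring.dependency-management` applied next to the Boot plugin, the plugin's own 3.0.8 BOM is normally what manages transitive versions, so libraries pulled in by the 3.4.0 starters may be resolved down to the older versions this commit is trying to leave behind. Align the plugin with the catalog, e.g. `id 'org.springframework.boot' version '3.4.0'`, and confirm the resolved versions of the flagged artifacts with `gradle dependencyInsight`.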


@ -4,10 +4,7 @@ dependencies {
compileOnly libs.lombok
annotationProcessor libs.lombok
// testCompile libs.mockito
testImplementation libs.junit.jupiter
testImplementation libs.junit.platform.launcher
testImplementation libs.hamcrest
testImplementation libs.spring.boot.starter.test
testCompileOnly libs.lombok
testAnnotationProcessor libs.lombok


@ -21,16 +21,15 @@ dependencies {
implementation libs.jackson.databind
implementation libs.jakarta.persistence.api
implementation libs.jakarta.xml
implementation libs.log4j.core
implementation libs.log4j.api
implementation libs.spring.boot.starter.log4j2
implementation libs.minimal.json
// pull the pci dependency and ...
implementation(libs.pci) {
// replace the default apache http client transitive dependency
// explicitly exclude the default apache http client transitive dependency
exclude group: 'org.apache.httpcomponents', module: 'httpclient'
}
// with the non-vulnerable version of the apache http client dependency
// and explicitly include the patched version of the apache http client dependency
implementation libs.apacheHttpClient
implementation libs.slf4j.simple
@ -38,10 +37,7 @@ dependencies {
compileOnly libs.lombok
annotationProcessor libs.lombok
testImplementation libs.junit.jupiter
testImplementation libs.junit.platform.launcher
testImplementation libs.hamcrest
testImplementation libs.mockito.core
testImplementation libs.spring.boot.starter.test
testImplementation project(path: ':HIRS_AttestationCA')
testCompileOnly libs.lombok
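Review bot: `implementation libs.slf4j.simple` looks to remain in this module alongside the newly added `libs.spring.boot.starter.log4j2`, which brings its own SLF4J binding for Log4j 2. With two SLF4J providers on one classpath, SLF4J picks one and only warns, so log output (including anything relied on as an audit trail) may bypass the Log4j 2 configuration. Keep one provider: remove `libs.slf4j.simple`, or exclude the Log4j SLF4J binding from the starter if simple logging is what this module wants. The dependencies block continues outside the hunk, so check the `gradle dependencies` output for the runtime classpath to see which providers end up there.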


@ -1,3 +1,5 @@
import com.github.spotbugs.snom.SpotBugsTask
import java.util.concurrent.TimeUnit
plugins {
@ -50,7 +52,7 @@ subprojects {
excludeFilter = file('config/spotbugs/spotbugs-exclude.xml')
}
tasks.withType(com.github.spotbugs.snom.SpotBugsTask).configureEach {
tasks.withType(SpotBugsTask).configureEach {
reports {
html.required = true
}


@ -3,4 +3,3 @@ includeGroups=
org.gradle.daemon=true
org.gradle.jvmargs=-Xms1g -Xmx4g
org.gradle.caching=true
org.gradle.parallel=true


@ -8,32 +8,26 @@ gsonVersion = "2.11.0"
glassfishJakartaJsonVersion = "2.0.1"
glassfishJaxbRuntimeVersion = "4.0.5"
guavaVersion = "33.3.1-jre"
hibernateCoreVersion = "6.2.32.Final"
jacksonVersion = "2.18.0"
jacksonVersion = "2.18.2"
jakartaPersistenceApiVersion = "3.2.0"
jakartaServletVersion = "3.0.0"
jakartaXmlVersion = "4.0.2"
jcommanderVersion = "1.85"
log4jVersion = "2.24.2"
lombokVersion = "1.18.34"
mariadbVersion = "3.4.0"
minimalJsonVersion = "0.9.5"
ospackageVersion = "11.2.0"
pciVersion = "0.3"
protobufJavaVersion = "4.28.3"
springBootVersion = "3.0.8"
springBootVersion = "3.4.0"
springRetryVersion = "2.0.10"
springCoreVersion = "6.2.1"
testngVersion = "7.10.2"
tomcatVersion = "10.1.33"
#test dependencies versions
hamcrestVersion = "3.0"
hsqldbVersion = "2.7.3"
junitJupiterVersion = "5.11.3"
junitPlatformVersion = "1.11.3"
mockitoVersion = "5.14.2"
slf4jVersion = "2.0.16"
springTestVersion = "6.0.8"
spotBugAnnotationVersion = "4.8.6"
[libraries]
@ -46,16 +40,12 @@ gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" }
glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" }
glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" }
guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" }
hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hibernateCoreVersion" }
jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" }
jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" }
jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaPersistenceApiVersion" }
jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" }
jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" }
jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" }
log4j-api = { module = "org.apache.logging.log4j:log4j-api", version.ref = "log4jVersion" }
log4j-core = { module = "org.apache.logging.log4j:log4j-core", version.ref = "log4jVersion" }
log4j-spring-boot = { module = "org.apache.logging.log4j:log4j-spring-boot", version.ref = "log4jVersion" }
lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" }
mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" }
minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" }
@ -68,17 +58,14 @@ spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-st
spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" }
spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" }
spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" }
#spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
#spring-framework-web = { module = "org.springframework:spring-web", version.ref = "springCoreVersion" }
spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" }
tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" }
testng = { module = "org.testng:testng", version.ref = "testngVersion" }
# test dependencies
hamcrest = { module = "org.hamcrest:hamcrest", version.ref = "hamcrestVersion" }
hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" }
junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version.ref = "junitJupiterVersion" }
junit-platform-launcher = { module = "org.junit.platform:junit-platform-launcher", version.ref = "junitPlatformVersion" }
mockito-core = { module = "org.mockito:mockito-core", version.ref = "mockitoVersion" }
spring-test = { module = "org.springframework:spring-test", version.ref = "springTestVersion" }
spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" }
spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" }


@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
networkTimeout=10000
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
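Review bot: None of the six lines shown carries a `distributionSha256Sum` entry, so the `gradle-8.11.1-bin.zip` that the wrapper now downloads is trusted on the strength of HTTPS alone. Add `distributionSha256Sum=<sha256 published by Gradle for gradle-8.11.1-bin.zip>` next to `distributionUrl` so the wrapper rejects a tampered or substituted archive. If the wrapper jar was regenerated along with this bump, it should be checked against Gradle's published wrapper checksums too; the page does not show whether it changed.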


@ -16,12 +16,12 @@ dependencies {
implementation libs.glassfish.jakarta.json
implementation libs.glassfish.jaxb.runtime
implementation libs.guava
implementation libs.hibernate.core
implementation libs.jcommander
implementation libs.jackson.databind
implementation libs.jakarta.persistence.api
implementation libs.jakarta.xml
implementation libs.log4j.core
implementation libs.spring.boot.starter.log4j2
implementation libs.spring.boot.starter.data.jpa
compileOnly libs.lombok
annotationProcessor libs.lombok