mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-18 20:47:58 +00:00
issue_863: Updated gradle version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities.
Some checks failed
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (ubuntu-20.04) (push) Has been cancelled
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (windows-2022) (push) Has been cancelled
HIRS Build and Unit Test / ACA_Provisioner_Unit_Tests (push) Has been cancelled
HIRS System Tests / DockerTests (push) Has been cancelled
Dotnet Provisioner Unit Tests / Evaluate Tests (push) Has been cancelled
Some checks failed
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (ubuntu-20.04) (push) Has been cancelled
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (windows-2022) (push) Has been cancelled
HIRS Build and Unit Test / ACA_Provisioner_Unit_Tests (push) Has been cancelled
HIRS System Tests / DockerTests (push) Has been cancelled
Dotnet Provisioner Unit Tests / Evaluate Tests (push) Has been cancelled
This commit is contained in:
parent
301689ddb6
commit
1c39f8d9d5
@ -1,5 +1,5 @@
|
||||
plugins {
|
||||
id 'io.spring.dependency-management' version '1.1.0'
|
||||
id 'io.spring.dependency-management' version '1.1.2'
|
||||
id 'com.google.protobuf' version '0.9.4'
|
||||
}
|
||||
|
||||
@ -18,28 +18,28 @@ dependencies {
|
||||
implementation libs.commons.codec
|
||||
implementation libs.commons.io
|
||||
implementation libs.commons.lang3
|
||||
implementation libs.hibernate.core
|
||||
implementation libs.guava
|
||||
implementation libs.jackson.core
|
||||
implementation libs.jackson.databind
|
||||
implementation libs.jakarta.persistence.api
|
||||
implementation libs.jakarta.xml
|
||||
implementation libs.log4j.api
|
||||
implementation libs.log4j.core
|
||||
implementation libs.spring.boot.starter.log4j2
|
||||
implementation libs.minimal.json
|
||||
|
||||
// pull the pci dependency and ...
|
||||
implementation(libs.pci) {
|
||||
// replace the default apache http client transitive dependency
|
||||
// explicitly exclude the default apache http client transitive dependency
|
||||
exclude group: 'org.apache.httpcomponents', module: 'httpclient'
|
||||
}
|
||||
// with the non-vulnerable version of the apache http client dependency
|
||||
// and explicitly include the patched version of the apache http client dependency
|
||||
implementation libs.apacheHttpClient
|
||||
|
||||
implementation libs.protobuf.java
|
||||
implementation libs.spring.boot.starter.data.jpa
|
||||
implementation libs.spring.retry
|
||||
implementation libs.spring.boot.starter.web
|
||||
|
||||
// pull the spring-boot-starter-web dependency and ...
|
||||
implementation(libs.spring.boot.starter.web)
|
||||
|
||||
compileOnly libs.lombok
|
||||
annotationProcessor libs.lombok
|
||||
@ -48,11 +48,7 @@ dependencies {
|
||||
annotationProcessor libs.spotbugs.annotations
|
||||
|
||||
testImplementation libs.commons.io
|
||||
testImplementation libs.hamcrest
|
||||
testImplementation libs.junit.jupiter
|
||||
testImplementation libs.junit.platform.launcher
|
||||
testImplementation libs.mockito.core
|
||||
testImplementation libs.spring.test
|
||||
testImplementation libs.spring.boot.starter.test
|
||||
|
||||
testCompileOnly libs.lombok
|
||||
testAnnotationProcessor libs.lombok
|
||||
|
@ -3,7 +3,7 @@ plugins {
|
||||
id 'war'
|
||||
id 'com.netflix.nebula.ospackage' version '11.8.0'
|
||||
id 'org.springframework.boot' version '3.0.8'
|
||||
id 'io.spring.dependency-management' version '1.1.0'
|
||||
id 'io.spring.dependency-management' version '1.1.2'
|
||||
}
|
||||
|
||||
// Get version from main project gradle
|
||||
@ -35,18 +35,20 @@ dependencies {
|
||||
implementation libs.jakarta.persistence.api
|
||||
implementation libs.jakarta.servlet
|
||||
implementation libs.jakarta.xml
|
||||
implementation libs.log4j.spring.boot
|
||||
|
||||
// pull the pci dependency and ...
|
||||
implementation(libs.pci) {
|
||||
// replace the default apache http client transitive dependency
|
||||
// explicitly exclude the default apache http client transitive dependency
|
||||
exclude group: 'org.apache.httpcomponents', module: 'httpclient'
|
||||
}
|
||||
// with the non-vulnerable version of the apache http client dependency
|
||||
// and explicitly include the patched version of the apache http client dependency
|
||||
implementation libs.apacheHttpClient
|
||||
|
||||
implementation libs.mariadb.java.client
|
||||
implementation libs.spring.boot.starter.web
|
||||
|
||||
// pull the spring-boot-starter-web dependency and ...
|
||||
implementation(libs.spring.boot.starter.web)
|
||||
|
||||
implementation libs.spring.boot.starter.validation
|
||||
implementation libs.spring.boot.starter.data.jpa
|
||||
implementation libs.spring.boot.starter.log4j2
|
||||
@ -57,7 +59,6 @@ dependencies {
|
||||
|
||||
providedRuntime libs.spring.boot.starter.tomcat
|
||||
|
||||
testImplementation libs.junit.jupiter
|
||||
testImplementation libs.hsqldb
|
||||
testImplementation libs.spring.boot.starter.test
|
||||
|
||||
|
@ -4,10 +4,7 @@ dependencies {
|
||||
compileOnly libs.lombok
|
||||
annotationProcessor libs.lombok
|
||||
|
||||
// testCompile libs.mockito
|
||||
testImplementation libs.junit.jupiter
|
||||
testImplementation libs.junit.platform.launcher
|
||||
testImplementation libs.hamcrest
|
||||
testImplementation libs.spring.boot.starter.test
|
||||
|
||||
testCompileOnly libs.lombok
|
||||
testAnnotationProcessor libs.lombok
|
||||
|
@ -21,16 +21,15 @@ dependencies {
|
||||
implementation libs.jackson.databind
|
||||
implementation libs.jakarta.persistence.api
|
||||
implementation libs.jakarta.xml
|
||||
implementation libs.log4j.core
|
||||
implementation libs.log4j.api
|
||||
implementation libs.spring.boot.starter.log4j2
|
||||
implementation libs.minimal.json
|
||||
|
||||
// pull the pci dependency and ...
|
||||
implementation(libs.pci) {
|
||||
// replace the default apache http client transitive dependency
|
||||
// explicitly exclude the default apache http client transitive dependency
|
||||
exclude group: 'org.apache.httpcomponents', module: 'httpclient'
|
||||
}
|
||||
// with the non-vulnerable version of the apache http client dependency
|
||||
// and explicitly include the patched version of the apache http client dependency
|
||||
implementation libs.apacheHttpClient
|
||||
|
||||
implementation libs.slf4j.simple
|
||||
@ -38,10 +37,7 @@ dependencies {
|
||||
compileOnly libs.lombok
|
||||
annotationProcessor libs.lombok
|
||||
|
||||
testImplementation libs.junit.jupiter
|
||||
testImplementation libs.junit.platform.launcher
|
||||
testImplementation libs.hamcrest
|
||||
testImplementation libs.mockito.core
|
||||
testImplementation libs.spring.boot.starter.test
|
||||
testImplementation project(path: ':HIRS_AttestationCA')
|
||||
|
||||
testCompileOnly libs.lombok
|
||||
|
@ -1,3 +1,5 @@
|
||||
import com.github.spotbugs.snom.SpotBugsTask
|
||||
|
||||
import java.util.concurrent.TimeUnit
|
||||
|
||||
plugins {
|
||||
@ -50,7 +52,7 @@ subprojects {
|
||||
excludeFilter = file('config/spotbugs/spotbugs-exclude.xml')
|
||||
}
|
||||
|
||||
tasks.withType(com.github.spotbugs.snom.SpotBugsTask).configureEach {
|
||||
tasks.withType(SpotBugsTask).configureEach {
|
||||
reports {
|
||||
html.required = true
|
||||
}
|
||||
|
@ -2,5 +2,4 @@ excludeGroups=rhel-6,performance
|
||||
includeGroups=
|
||||
org.gradle.daemon=true
|
||||
org.gradle.jvmargs=-Xms1g -Xmx4g
|
||||
org.gradle.caching=true
|
||||
org.gradle.parallel=true
|
||||
org.gradle.caching=true
|
@ -8,32 +8,26 @@ gsonVersion = "2.11.0"
|
||||
glassfishJakartaJsonVersion = "2.0.1"
|
||||
glassfishJaxbRuntimeVersion = "4.0.5"
|
||||
guavaVersion = "33.3.1-jre"
|
||||
hibernateCoreVersion = "6.2.32.Final"
|
||||
jacksonVersion = "2.18.0"
|
||||
jacksonVersion = "2.18.2"
|
||||
jakartaPersistenceApiVersion = "3.2.0"
|
||||
jakartaServletVersion = "3.0.0"
|
||||
jakartaXmlVersion = "4.0.2"
|
||||
jcommanderVersion = "1.85"
|
||||
log4jVersion = "2.24.2"
|
||||
lombokVersion = "1.18.34"
|
||||
mariadbVersion = "3.4.0"
|
||||
minimalJsonVersion = "0.9.5"
|
||||
ospackageVersion = "11.2.0"
|
||||
pciVersion = "0.3"
|
||||
protobufJavaVersion = "4.28.3"
|
||||
springBootVersion = "3.0.8"
|
||||
springBootVersion = "3.4.0"
|
||||
springRetryVersion = "2.0.10"
|
||||
springCoreVersion = "6.2.1"
|
||||
testngVersion = "7.10.2"
|
||||
tomcatVersion = "10.1.33"
|
||||
|
||||
#test dependencies versions
|
||||
hamcrestVersion = "3.0"
|
||||
hsqldbVersion = "2.7.3"
|
||||
junitJupiterVersion = "5.11.3"
|
||||
junitPlatformVersion = "1.11.3"
|
||||
mockitoVersion = "5.14.2"
|
||||
slf4jVersion = "2.0.16"
|
||||
springTestVersion = "6.0.8"
|
||||
spotBugAnnotationVersion = "4.8.6"
|
||||
|
||||
[libraries]
|
||||
@ -46,16 +40,12 @@ gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" }
|
||||
glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" }
|
||||
glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" }
|
||||
guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" }
|
||||
hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hibernateCoreVersion" }
|
||||
jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" }
|
||||
jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" }
|
||||
jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaPersistenceApiVersion" }
|
||||
jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" }
|
||||
jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" }
|
||||
jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" }
|
||||
log4j-api = { module = "org.apache.logging.log4j:log4j-api", version.ref = "log4jVersion" }
|
||||
log4j-core = { module = "org.apache.logging.log4j:log4j-core", version.ref = "log4jVersion" }
|
||||
log4j-spring-boot = { module = "org.apache.logging.log4j:log4j-spring-boot", version.ref = "log4jVersion" }
|
||||
lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" }
|
||||
mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" }
|
||||
minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" }
|
||||
@ -68,17 +58,14 @@ spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-st
|
||||
spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" }
|
||||
spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" }
|
||||
spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" }
|
||||
#spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
|
||||
#spring-framework-web = { module = "org.springframework:spring-web", version.ref = "springCoreVersion" }
|
||||
spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" }
|
||||
tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" }
|
||||
testng = { module = "org.testng:testng", version.ref = "testngVersion" }
|
||||
|
||||
# test dependencies
|
||||
hamcrest = { module = "org.hamcrest:hamcrest", version.ref = "hamcrestVersion" }
|
||||
hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" }
|
||||
junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version.ref = "junitJupiterVersion" }
|
||||
junit-platform-launcher = { module = "org.junit.platform:junit-platform-launcher", version.ref = "junitPlatformVersion" }
|
||||
mockito-core = { module = "org.mockito:mockito-core", version.ref = "mockitoVersion" }
|
||||
spring-test = { module = "org.springframework:spring-test", version.ref = "springTestVersion" }
|
||||
spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" }
|
||||
spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" }
|
||||
|
||||
|
2
gradle/wrapper/gradle-wrapper.properties
vendored
2
gradle/wrapper/gradle-wrapper.properties
vendored
@ -1,6 +1,6 @@
|
||||
distributionBase=GRADLE_USER_HOME
|
||||
distributionPath=wrapper/dists
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
|
||||
networkTimeout=10000
|
||||
zipStoreBase=GRADLE_USER_HOME
|
||||
zipStorePath=wrapper/dists
|
||||
|
@ -16,12 +16,12 @@ dependencies {
|
||||
implementation libs.glassfish.jakarta.json
|
||||
implementation libs.glassfish.jaxb.runtime
|
||||
implementation libs.guava
|
||||
implementation libs.hibernate.core
|
||||
implementation libs.jcommander
|
||||
implementation libs.jackson.databind
|
||||
implementation libs.jakarta.persistence.api
|
||||
implementation libs.jakarta.xml
|
||||
implementation libs.log4j.core
|
||||
implementation libs.spring.boot.starter.log4j2
|
||||
implementation libs.spring.boot.starter.data.jpa
|
||||
|
||||
compileOnly libs.lombok
|
||||
annotationProcessor libs.lombok
|
||||
|
Loading…
Reference in New Issue
Block a user