issue_863: Updated gradle plugins version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities.

2024-12-19 21:17:59 +00:00 · 2024-12-18 16:44:41 -05:00 · 2024-12-18 16:44:41 -05:00 · 3d795a56ee
commit 3d795a56ee
parent 1c39f8d9d5
6 changed files with 16 additions and 32 deletions
--- a/HIRS_AttestationCA/build.gradle
+++ b/HIRS_AttestationCA/build.gradle
@ -1,5 +1,5 @@
 plugins {
-    id 'io.spring.dependency-management' version '1.1.2'
+    id 'io.spring.dependency-management' version '1.1.7'
    id 'com.google.protobuf' version '0.9.4'
 }

@ -13,7 +13,6 @@ dependencies {
    implementation project(':HIRS_Utils')
    implementation project(':HIRS_Structs')

-
    implementation libs.bouncycastle
    implementation libs.commons.codec
    implementation libs.commons.io
@ -27,19 +26,15 @@ dependencies {
    implementation libs.minimal.json

    // pull the pci dependency and ...
-    implementation(libs.pci) {
-        // explicitly exclude the default apache http client transitive dependency
-        exclude group: 'org.apache.httpcomponents', module: 'httpclient'
-    }
+    implementation libs.pci
    // and explicitly include the patched version of the apache http client dependency
    implementation libs.apacheHttpClient

    implementation libs.protobuf.java
    implementation libs.spring.boot.starter.data.jpa
    implementation libs.spring.retry
-
-    // pull the spring-boot-starter-web dependency and ...
-    implementation(libs.spring.boot.starter.web)
+    implementation libs.spring.boot.starter.web
+    implementation libs.spring.framework.webmvc

    compileOnly libs.lombok
    annotationProcessor libs.lombok
--- a/HIRS_AttestationCAPortal/build.gradle
+++ b/HIRS_AttestationCAPortal/build.gradle
@ -1,9 +1,9 @@
 plugins {
    id 'application'
    id 'war'
-    id 'com.netflix.nebula.ospackage' version '11.8.0'
-    id 'org.springframework.boot' version '3.0.8'
-    id 'io.spring.dependency-management' version '1.1.2'
+    id 'com.netflix.nebula.ospackage' version '11.10.0'
+    id 'org.springframework.boot' version '3.0.13'
+    id 'io.spring.dependency-management' version '1.1.7'
 }

 // Get version from main project gradle
@ -37,18 +37,13 @@ dependencies {
    implementation libs.jakarta.xml

    // pull the pci dependency and ...
-    implementation(libs.pci) {
-        // explicitly exclude the default apache http client transitive dependency
-        exclude group: 'org.apache.httpcomponents', module: 'httpclient'
-    }
+    implementation libs.pci
    // and explicitly include the patched version of the apache http client dependency
    implementation libs.apacheHttpClient

    implementation libs.mariadb.java.client
-
-    // pull the spring-boot-starter-web dependency and ...
-    implementation(libs.spring.boot.starter.web)
-
+    implementation libs.spring.boot.starter.web
+    //implementation libs.spring.framework.webmvc
    implementation libs.spring.boot.starter.validation
    implementation libs.spring.boot.starter.data.jpa
    implementation libs.spring.boot.starter.log4j2
@ -64,7 +59,6 @@ dependencies {

    testCompileOnly libs.lombok
    testAnnotationProcessor libs.lombok
-
 }

 test {
--- a/HIRS_Utils/build.gradle
+++ b/HIRS_Utils/build.gradle
@ -25,10 +25,7 @@ dependencies {
    implementation libs.minimal.json

    // pull the pci dependency and ...
-    implementation(libs.pci) {
-        // explicitly exclude the default apache http client transitive dependency
-        exclude group: 'org.apache.httpcomponents', module: 'httpclient'
-    }
+    implementation libs.pci
    // and explicitly include the patched version of the apache http client dependency
    implementation libs.apacheHttpClient

--- a/build.gradle
+++ b/build.gradle
@ -6,7 +6,7 @@ plugins {
    // Apply the application plugin to add support for building a CLI application in Java.
    id 'application'
    id 'checkstyle'
-    id 'com.github.spotbugs' version '6.0.4' apply false
+    id 'com.github.spotbugs' version '6.0.13' apply false
    id 'java'
 }

--- a/gradle/versions.toml
+++ b/gradle/versions.toml
@ -20,8 +20,8 @@ ospackageVersion = "11.2.0"
 pciVersion = "0.3"
 protobufJavaVersion = "4.28.3"
 springBootVersion = "3.4.0"
-springRetryVersion = "2.0.10"
 springCoreVersion = "6.2.1"
+springRetryVersion = "2.0.10"
 testngVersion = "7.10.2"
 tomcatVersion = "10.1.33"

@ -58,8 +58,7 @@ spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-st
 spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" }
 spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" }
 spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" }
-#spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
-#spring-framework-web = { module = "org.springframework:spring-web", version.ref = "springCoreVersion" }
+spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
 spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" }
 tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" }
 testng = { module = "org.testng:testng", version.ref = "testngVersion" }
--- a/tools/tcg_rim_tool/build.gradle
+++ b/tools/tcg_rim_tool/build.gradle
@ -1,6 +1,6 @@
 plugins {
-    id 'com.netflix.nebula.ospackage' version '11.4.0'
-    id 'com.intershop.gradle.jaxb' version '5.1.0'
+    id 'com.netflix.nebula.ospackage' version '11.10.0'
+    id 'com.intershop.gradle.jaxb' version '7.0.1'
 }

 // Get version from main project gradle
@ -10,7 +10,6 @@ def jarVersion = properties.get("jarVersion");
 dependencies {
    implementation project(':HIRS_Utils')

-
    implementation libs.bouncycastle
    implementation libs.commons.codec
    implementation libs.glassfish.jakarta.json