Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(impl):[TRI-XXX] update spring boot #345

Merged
merged 2 commits into from
Jun 2, 2023
Merged

feat(impl):[TRI-XXX] update spring boot #345

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
928aff1
feat(impl):[TRI-XXX] update spring boot
ds-ext-kmassalski Jun 2, 2023
ec24230
feat(impl):[TRI-XXX] supress owasp finding
ds-ext-kmassalski Jun 2, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .config/owasp-suppressions.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,4 +138,11 @@
<gav regex="true">com\.google\.guava:guava.*</gav>
<vulnerabilityName>CVE-2020-8908</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
Vulnerability method not in IRS codebase (Files.createTempDir from guava).
]]></notes>
<gav regex="true">com\.google\.guava:guava.*</gav>
<vulnerabilityName>CVE-2023-2976</vulnerabilityName>
</suppress>
</suppressions>
88 changes: 46 additions & 42 deletions DEPENDENCIES
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,16 @@ maven/mavencentral/ch.qos.logback/logback-classic/1.4.7, EPL-1.0 OR LGPL-2.1-onl
maven/mavencentral/ch.qos.logback/logback-core/1.4.7, EPL-1.0 OR LGPL-2.1-only, approved, #3373
maven/mavencentral/com.carrotsearch.thirdparty/simple-xml-safe/2.7.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.13.4, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.14.2, Apache-2.0, approved, #5303
maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.14.3, Apache-2.0, approved, #5303
maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.13.4, Apache-2.0, approved, #2133
maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.14.2, Apache-2.0 AND MIT, approved, #4303
maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.14.3, Apache-2.0 AND MIT, approved, #4303
maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.14.2, Apache-2.0, approved, #4105
maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.14.3, Apache-2.0, approved, #4105
maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.14.2, Apache-2.0, approved, #5933
maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.14.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.14.2, Apache-2.0, approved, #4699
maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2.14.2, Apache-2.0, approved, #5938
maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.14.3, Apache-2.0, approved, #5933
maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.14.3, Apache-2.0, approved, #8597
maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.14.3, Apache-2.0, approved, #4699
maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2.14.3, Apache-2.0, approved, #5938
maven/mavencentral/com.fasterxml/classmate/1.5.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.github.docker-java/docker-java-api/3.2.13, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.2.13, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #3059
Expand Down Expand Up @@ -49,9 +51,9 @@ maven/mavencentral/io.github.resilience4j/resilience4j-retry/2.0.2, Apache-2.0,
maven/mavencentral/io.github.resilience4j/resilience4j-spring-boot3/2.0.2, Apache-2.0, approved, #7276
maven/mavencentral/io.github.resilience4j/resilience4j-spring6/2.0.2, Apache-2.0, approved, #7277
maven/mavencentral/io.github.resilience4j/resilience4j-timelimiter/2.0.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/io.micrometer/micrometer-commons/1.10.6, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #7333
maven/mavencentral/io.micrometer/micrometer-core/1.10.6, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #6977
maven/mavencentral/io.micrometer/micrometer-observation/1.10.6, Apache-2.0, approved, #7331
maven/mavencentral/io.micrometer/micrometer-commons/1.10.7, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #7333
maven/mavencentral/io.micrometer/micrometer-core/1.10.7, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #6977
maven/mavencentral/io.micrometer/micrometer-observation/1.10.7, Apache-2.0, approved, #7331
maven/mavencentral/io.micrometer/micrometer-registry-prometheus/1.10.4, Apache-2.0, approved, #4721
maven/mavencentral/io.minio/minio/8.5.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/io.prometheus/simpleclient/0.16.0, Apache-2.0, approved, clearlydefined
Expand All @@ -67,7 +69,7 @@ maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.7, Apache-2.0,
maven/mavencentral/io.swagger.core.v3/swagger-models/2.2.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/io.swagger/swagger-annotations/1.6.8, Apache-2.0, approved, #3792
maven/mavencentral/jakarta.activation/jakarta.activation-api/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.2, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/2.3.2, BSD-3-Clause, approved, ee4j.jaxb
Expand All @@ -80,8 +82,10 @@ maven/mavencentral/net.java.dev.jna/jna/5.8.0, Apache-2.0 OR LGPL-2.1-or-later,
maven/mavencentral/net.jimblackler.jsonschemafriend/core/0.11.4, Apache-2.0, approved, #3269
maven/mavencentral/net.jimblackler.jsonschemafriend/extra/0.11.4, Apache-2.0, approved, #3270
maven/mavencentral/net.jimblackler/jsonschemafriend/0.11.4, Apache-2.0, approved, #3271
maven/mavencentral/net.minidev/accessors-smart/2.4.11, Apache-2.0, approved, #7515
maven/mavencentral/net.minidev/accessors-smart/2.4.9, Apache-2.0, approved, #7515
maven/mavencentral/net.minidev/json-smart/2.4.10, Apache-2.0, approved, #3288
maven/mavencentral/net.minidev/json-smart/2.4.11, Apache-2.0, approved, #3288
maven/mavencentral/org.apache.commons/commons-compress/1.21, Apache-2.0 AND BSD-3-Clause AND bzip2-1.0.6 AND LicenseRef-Public-Domain, approved, CQ23710
maven/mavencentral/org.apache.commons/commons-compress/1.22, Apache-2.0 AND BSD-3-Clause, approved, #4299
maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined
Expand Down Expand Up @@ -124,10 +128,10 @@ maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.7.22, Apache-2.0, approv
maven/mavencentral/org.jetbrains/annotations/15.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.jsoup/jsoup/1.15.4, MIT, approved, #3272
maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.2, EPL-2.0, approved, #3133
maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.2, EPL-2.0, approved, #3134
maven/mavencentral/org.junit.jupiter/junit-jupiter/5.9.2, EPL-2.0, approved, #6972
maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.2, EPL-2.0, approved, #3130
maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.3, EPL-2.0, approved, #3133
maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.3, EPL-2.0, approved, #3134
maven/mavencentral/org.junit.jupiter/junit-jupiter/5.9.3, EPL-2.0, approved, #6972
maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.3, EPL-2.0, approved, #3130
maven/mavencentral/org.mockito/mockito-core/4.8.1, MIT, approved, clearlydefined
maven/mavencentral/org.mockito/mockito-junit-jupiter/4.8.1, MIT, approved, clearlydefined
maven/mavencentral/org.opentest4j/opentest4j/1.2.0, Apache-2.0, approved, clearlydefined
Expand All @@ -142,26 +146,26 @@ maven/mavencentral/org.springdoc/springdoc-openapi-common/1.6.7, Apache-2.0, app
maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.0.2, Apache-2.0, approved, #5920
maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.0.2, Apache-2.0, approved, #5950
maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.0.2, Apache-2.0, approved, #5923
maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.0.6, Apache-2.0, approved, #7336
maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.0.6, Apache-2.0, approved, #7334
maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.0.6, Apache-2.0, approved, #6981
maven/mavencentral/org.springframework.boot/spring-boot-starter-actuator/3.0.6, Apache-2.0, approved, #6983
maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.0.6, Apache-2.0, approved, #6965
maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.0.6, Apache-2.0, approved, #7006
maven/mavencentral/org.springframework.boot/spring-boot-starter-log4j2/3.0.6, Apache-2.0, approved, #7332
maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.0.6, Apache-2.0, approved, #6982
maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-client/3.0.6, Apache-2.0, approved, #5932
maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-resource-server/3.0.6, Apache-2.0, approved, #6967
maven/mavencentral/org.springframework.boot/spring-boot-starter-security/3.0.6, Apache-2.0, approved, #7329
maven/mavencentral/org.springframework.boot/spring-boot-starter-test/3.0.6, Apache-2.0, approved, #7001
maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.0.6, Apache-2.0, approved, #6987
maven/mavencentral/org.springframework.boot/spring-boot-starter-validation/3.0.6, Apache-2.0, approved, #6971
maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.0.6, Apache-2.0, approved, #5945
maven/mavencentral/org.springframework.boot/spring-boot-starter/3.0.6, Apache-2.0, approved, #7330
maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.0.6, Apache-2.0, approved, #6966
maven/mavencentral/org.springframework.boot/spring-boot-test/3.0.6, Apache-2.0, approved, #6976
maven/mavencentral/org.springframework.boot/spring-boot/3.0.6, Apache-2.0, approved, #7327
maven/mavencentral/org.springframework.data/spring-data-commons/3.0.5, Apache-2.0, approved, #5943
maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.0.7, Apache-2.0, approved, #7336
maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.0.7, Apache-2.0, approved, #7334
maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.0.7, Apache-2.0, approved, #6981
maven/mavencentral/org.springframework.boot/spring-boot-starter-actuator/3.0.7, Apache-2.0, approved, #6983
maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.0.7, Apache-2.0, approved, #6965
maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.0.7, Apache-2.0, approved, #7006
maven/mavencentral/org.springframework.boot/spring-boot-starter-log4j2/3.0.7, Apache-2.0, approved, #7332
maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.0.7, Apache-2.0, approved, #6982
maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-client/3.0.7, Apache-2.0, approved, #5932
maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-resource-server/3.0.7, Apache-2.0, approved, #6967
maven/mavencentral/org.springframework.boot/spring-boot-starter-security/3.0.7, Apache-2.0, approved, #7329
maven/mavencentral/org.springframework.boot/spring-boot-starter-test/3.0.7, Apache-2.0, approved, #7001
maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.0.7, Apache-2.0, approved, #6987
maven/mavencentral/org.springframework.boot/spring-boot-starter-validation/3.0.7, Apache-2.0, approved, #6971
maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.0.7, Apache-2.0, approved, #5945
maven/mavencentral/org.springframework.boot/spring-boot-starter/3.0.7, Apache-2.0, approved, #7330
maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.0.7, Apache-2.0, approved, #6966
maven/mavencentral/org.springframework.boot/spring-boot-test/3.0.7, Apache-2.0, approved, #6976
maven/mavencentral/org.springframework.boot/spring-boot/3.0.7, Apache-2.0, approved, #7327
maven/mavencentral/org.springframework.data/spring-data-commons/3.0.6, Apache-2.0, approved, #5943
maven/mavencentral/org.springframework.security/spring-security-config/6.0.3, Apache-2.0, approved, #7338
maven/mavencentral/org.springframework.security/spring-security-core/6.0.3, Apache-2.0, approved, #7325
maven/mavencentral/org.springframework.security/spring-security-crypto/6.0.3, Apache-2.0 AND ISC, approved, #7326
Expand All @@ -170,15 +174,15 @@ maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.0.
maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.0.3, Apache-2.0, approved, #7337
maven/mavencentral/org.springframework.security/spring-security-oauth2-resource-server/6.0.3, Apache-2.0, approved, #7335
maven/mavencentral/org.springframework.security/spring-security-web/6.0.3, Apache-2.0, approved, #7328
maven/mavencentral/org.springframework/spring-aop/6.0.8, Apache-2.0, approved, #5940
maven/mavencentral/org.springframework/spring-beans/6.0.8, Apache-2.0, approved, #5937
maven/mavencentral/org.springframework/spring-context/6.0.8, Apache-2.0, approved, #5936
maven/mavencentral/org.springframework/spring-core/6.0.8, Apache-2.0 AND BSD-3-Clause, approved, #5948
maven/mavencentral/org.springframework/spring-expression/6.0.8, Apache-2.0, approved, #3284
maven/mavencentral/org.springframework/spring-jcl/6.0.8, Apache-2.0, approved, #3283
maven/mavencentral/org.springframework/spring-test/6.0.8, Apache-2.0, approved, #7003
maven/mavencentral/org.springframework/spring-web/6.0.8, Apache-2.0, approved, #5942
maven/mavencentral/org.springframework/spring-webmvc/6.0.8, Apache-2.0, approved, #5944
maven/mavencentral/org.springframework/spring-aop/6.0.9, Apache-2.0, approved, #5940
maven/mavencentral/org.springframework/spring-beans/6.0.9, Apache-2.0, approved, #5937
maven/mavencentral/org.springframework/spring-context/6.0.9, Apache-2.0, approved, #5936
maven/mavencentral/org.springframework/spring-core/6.0.9, Apache-2.0 AND BSD-3-Clause, approved, #5948
maven/mavencentral/org.springframework/spring-expression/6.0.9, Apache-2.0, approved, #3284
maven/mavencentral/org.springframework/spring-jcl/6.0.9, Apache-2.0, approved, #3283
maven/mavencentral/org.springframework/spring-test/6.0.9, Apache-2.0, approved, #7003
maven/mavencentral/org.springframework/spring-web/6.0.9, Apache-2.0, approved, #5942
maven/mavencentral/org.springframework/spring-webmvc/6.0.9, Apache-2.0, approved, #5944
maven/mavencentral/org.testcontainers/junit-jupiter/1.17.6, MIT, approved, clearlydefined
maven/mavencentral/org.testcontainers/testcontainers/1.17.6, MIT, approved, #3074
maven/mavencentral/org.webjars/swagger-ui/4.15.5, Apache-2.0 AND MIT, approved, #5921
Expand Down
2 changes: 1 addition & 1 deletion pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
</sonar.coverage.jacoco.xmlReportPaths>

<!-- Dependencies -->
<springboot.version>3.0.6</springboot.version>
<springboot.version>3.0.7</springboot.version>
<springcloud-feign.version>3.1.5</springcloud-feign.version>
<springdoc.version>1.6.7</springdoc.version>
<micrometer.version>1.10.4</micrometer.version>
Expand Down