chore: Update all patch dependencies (v2.x.x) (#3876)

Signed-off-by: Renovate Bot <[email protected]>
Signed-off-by: Pavel Jareš <[email protected]>
Signed-off-by: nx673747 <[email protected]>
Signed-off-by: ac892247 <[email protected]>
Co-authored-by: Renovate Bot <[email protected]>
Co-authored-by: Pavel Jareš <[email protected]>
Co-authored-by: nx673747 <[email protected]>
Co-authored-by: ac892247 <[email protected]>

.gitignore

@@ -117,7 +117,11 @@ invalidated*.index
 onboarding-enabler-micronaut/target/
 onboarding-enabler-micronaut/out/
 onboarding-enabler-nodejs-sample-app/tools/
-
+onboarding-enabler-nodejs/coverage/
+onboarding-enabler-nodejs/lib/
 file/
 
 zowe-cli-id-federation-plugin/*.jcl
+
+data/*
+index/*

.npmrc

@@ -0,0 +1,2 @@
+legacy-peer-deps=true
+registry=https://zowe.jfrog.io/artifactory/api/npm/npm-org/

api-catalog-ui/frontend/.npmrc

@@ -0,0 +1,2 @@
+legacy-peer-deps=true
+registry=https://zowe.jfrog.io/artifactory/api/npm/npm-org/

api-catalog-ui/frontend/package.json

@@ -15,7 +15,7 @@
         "@mui/material": "5.15.18",
         "@react-loadable/revised": "1.5.0",
         "@types/enzyme": "3.10.18",
-        "@types/jest": "29.5.13",
+        "@types/jest": "29.5.14",
         "@types/react": "18.2.79",
         "@wojtekmaj/enzyme-adapter-react-17": "0.8.0",
         "agentkeepalive": "4.5.0",
@@ -87,7 +87,7 @@
         "ajv": "8.13.0",
         "ansi-regex": "5.0.1",
         "body-parser": "1.20.3",
-        "caniuse-lite": "1.0.30001669",
+        "caniuse-lite": "1.0.30001692",
         "concurrently": "5.3.0",
         "cors": "2.8.5",
         "cross-env": "7.0.3",
@@ -104,7 +104,7 @@
         "eslint-plugin-jsx-a11y": "6.6.0",
         "eslint-plugin-prettier": "3.4.1",
         "eslint-plugin-react": "7.30.1",
-        "express": "4.21.1",
+        "express": "4.21.2",
         "html-loader": "4.2.0",
         "jest": "29.7.0",
         "jest-environment-enzyme": "7.1.2",
@@ -114,7 +114,7 @@
         "jest-mock": "29.7.0",
         "jest-watch-typeahead": "2.2.2",
         "json-schema": "0.4.0",
-        "mini-css-extract-plugin": "2.9.1",
+        "mini-css-extract-plugin": "2.9.2",
         "nodemon": "2.0.22",
         "nth-check": "2.1.1",
         "prettier": "2.8.8",
@@ -123,10 +123,10 @@
         "react-app-rewired": "2.2.1",
         "react-error-overlay": "6.0.11",
         "react-scripts": "5.0.1",
-        "redux-mock-store": "1.5.4",
+        "redux-mock-store": "1.5.5",
         "rimraf": "3.0.2",
         "source-map-explorer": "2.5.3",
-        "start-server-and-test": "2.0.8",
+        "start-server-and-test": "2.0.9",
         "tmpl": "1.0.5",
         "yaml": "1.10.2"
     },
@@ -144,7 +144,9 @@
         "dompurify": "3.1.7",
         "serve-static": "1.16.2",
         "body-parser": "1.20.3",
-        "axios": "1.7.7"
+        "axios": "1.7.9",
+        "path-to-regexp": "1.9.0",
+        "cookie": "0.7.0"
     },
     "engines": {
         "npm": "=9.3.1",

cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/config/WebSecurity.java

@@ -24,28 +24,19 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseCookie;
+import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
-import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
-import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
-import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
-import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
-import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.*;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
-import org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository;
-import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
-import org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository;
-import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
-import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
+import org.springframework.security.oauth2.client.web.server.*;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
@@ -59,22 +50,16 @@
 import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
 import org.zowe.apiml.cloudgatewayservice.config.oidc.ClientConfiguration;
 import org.zowe.apiml.product.constants.CoreService;
 import reactor.core.publisher.Mono;
 
 import javax.annotation.PostConstruct;
-
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Base64;
-import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
-import java.util.Set;
+import java.util.*;
 import java.util.function.Predicate;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -424,4 +409,24 @@ public Mono<OAuth2AuthorizationRequest> removeAuthorizationRequest(ServerWebExch
 
     }
 
+    @Bean
+    @Order(Ordered.HIGHEST_PRECEDENCE)
+    WebFilter writeableHeaders() {
+        return (exchange, chain) -> {
+            HttpHeaders writeableHeaders = HttpHeaders.writableHttpHeaders(
+                exchange.getRequest().getHeaders());
+            ServerHttpRequestDecorator writeableRequest = new ServerHttpRequestDecorator(
+                exchange.getRequest()) {
+                @Override
+                public HttpHeaders getHeaders() {
+                    return writeableHeaders;
+                }
+            };
+            ServerWebExchange writeableExchange = exchange.mutate()
+                .request(writeableRequest)
+                .build();
+            return chain.filter(writeableExchange);
+        };
+    }
+
 }

cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/filters/RequestAttributesProvider.java

@@ -17,6 +17,7 @@
 import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.core.Ordered;
 import org.springframework.http.server.reactive.AbstractServerHttpRequest;
+import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
 import org.springframework.stereotype.Component;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
@@ -27,8 +28,18 @@
 @Component
 public class RequestAttributesProvider implements WebFilter, GlobalFilter, Ordered {
 
+    private <R> R getRequest(ServerWebExchange exchange) {
+        Object request = exchange.getRequest();
+        while (request instanceof ServerHttpRequestDecorator) {
+            Object delegatedRequest = ((ServerHttpRequestDecorator) request).getDelegate();
+            if (request == delegatedRequest) break;
+            request = delegatedRequest;
+        }
+        return (R) request;
+    }
+
     private void copyAttributes(ServerWebExchange exchange) {
-        AbstractServerHttpRequest request = (AbstractServerHttpRequest) exchange.getRequest();
+        AbstractServerHttpRequest request = getRequest(exchange);
         RequestFacade requestFacade;
         try {
             requestFacade = request.getNativeRequest();

gradle/versions.gradle

@@ -13,8 +13,8 @@ dependencyResolutionManagement {
             version('springCloudCB', '2.1.8')
             version('springCloudGateway', '3.1.9')
             version('springSecurity') {
-                strictly '[5.8.13,6.0.0['
-                prefer '5.8.13'
+                strictly '[5.8.16,6.0.0['
+                prefer '5.8.16'
             }
             version('springFramework') {
                 strictly '[5.3.39,6.0.0['
@@ -27,11 +27,11 @@ dependencyResolutionManagement {
             version('zosUtils', '2.0.5')
             version('archaius', '0.7.12')
             version('awaitility', '4.2.2')
-            version('awsJavaSdk', '1.12.774')
+            version('awsJavaSdk', '1.12.780')
             version('bouncyCastle', '1.78.1')
             // forced version in root gradle.build file. Version 3.x requieres Java 11
             version('caffeine', '2.9.3')
-            version('commonsCodec', '1.17.1')
+            version('commonsCodec', '1.17.2')
             version('commonsConfiguration', '1.10')
             version('commonsLang3', '3.16.0')
             version('commonsLogging', '1.3.4')
@@ -41,7 +41,7 @@ dependencyResolutionManagement {
             version('ehCache', '3.10.8')
             version('eureka', '1.10.18')
             version('findBugs', '3.0.2')
-            version('githubClassgraph', '4.8.177')
+            version('githubClassgraph', '4.8.179')
             version('gradleGitProperties', '2.2.4') // Used in classpath dependencies
             version('gradleNode', '3.6.0') // Used in classpath dependencies
             version('gson', '2.11.0')
@@ -64,7 +64,7 @@ dependencyResolutionManagement {
             version('jaxbApi', '2.3.1')
             version('jersey', '2.44')
             version('jerseySun', '1.19.4')
-            version('jettyWebSocketClient', '9.4.56.v20240826')
+            version('jettyWebSocketClient', '9.4.57.v20241219')
             version('jettison', '1.5.4')
             version('jjwt', '0.11.5')
             version('jjwtFull', '0.9.1')
@@ -86,7 +86,7 @@ dependencyResolutionManagement {
                 strictly '[1.2.13, 1.3['
                 prefer '1.2.13'
             }
-            version('lombok', '1.18.34')
+            version('lombok', '1.18.36')
             version('mockitoCore') {
                 // version 5.x requires Java 11
                 strictly '[4.11.0, 5.0.0['
@@ -99,7 +99,7 @@ dependencyResolutionManagement {
             }
             version('netflixCommonsUtil', '0.3.0')
             version('netflixServo', '0.13.2')
-            version('netty', '4.1.114.Final')
+            version('netty', '4.1.116.Final')
             version('nettyReactor', '1.1.23')
             version('nimbusJoseJwt', '9.40')
             version('openApiDiff', '2.0.1')
@@ -124,20 +124,20 @@ dependencyResolutionManagement {
                 strictly '[1.6.15, 1.7.0['
                 prefer '1.6.15'
             }
-            version('swagger3Core', '2.2.25')
-            version('swagger3Parser', '2.1.22')
+            version('swagger3Core', '2.2.27')
+            version('swagger3Parser', '2.1.24')
             version('swaggerCore', '1.6.14')
             version('swaggerInflector', '2.0.12')
-            version('swaggerJaxrs2', '2.2.25')
-            version('thymeleaf', '3.1.2.RELEASE')
-            version('tomcat', '9.0.96')
-            version('velocity', '2.4')
+            version('swaggerJaxrs2', '2.2.27')
+            version('thymeleaf', '3.1.3.RELEASE')
+            version('tomcat', '9.0.98')
+            version('velocity', '2.4.1')
             version('woodstoxCore', '6.7.0')
             version('woodstoxStax2', '4.2.2')
             version('xstream') {
                 // older versions are vulnerable to CVE-2022-40151, CVE-2022-40152, and CVE-2022-41966
-                strictly '[1.4.20,2.0['
-                prefer '1.4.20'
+                strictly '[1.4.21,2.0['
+                prefer '1.4.21'
             }
 
             // version 6.x is not compatible with gradleGitProperties and requires Java 11

metrics-service-ui/frontend/.npmrc

@@ -0,0 +1,2 @@
+legacy-peer-deps=true
+registry=https://zowe.jfrog.io/artifactory/api/npm/npm-org/