Skip to content

Commit

Permalink
Merge branch 'master' into test-swagger-publish-off-master
Browse files Browse the repository at this point in the history
  • Loading branch information
@lang-ben
lang-ben authored Jun 3, 2024
2 parents 2f05c42 + dc5ae13 commit a62dcec
Show file tree
Hide file tree
Showing 4 changed files with 22 additions and 46 deletions.
25 changes: 9 additions & 16 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ ext {
lombokVersion = '1.18.28'
reformLogging = '6.0.1'
springCloudVersion = '2022.0.3'
springSecurity = '6.1.2'
springSecurity = '6.1.5'
limits = [
'instruction': 6,
'branch' : 8,
Expand All @@ -116,8 +116,8 @@ ext {

ext['junit-jupiter.version'] = '5.10.0'
ext['junit-vintage.version'] = '5.10.0'
ext['spring-framework.version'] = '6.0.11'
ext['jackson.version'] = '2.15.3'
ext['spring-framework.version'] = '6.0.14'
ext['jackson.version'] = '2.16.0'
ext['snakeyaml.version'] = '2.1'

dependencyManagement {
Expand All @@ -134,7 +134,7 @@ dependencyManagement {
}

dependencies {
implementation group: 'org.projectlombok', name: 'lombok', version: lombokVersion
compileOnly group: 'org.projectlombok', name: 'lombok', version: lombokVersion
annotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: reformLogging
implementation group: 'com.github.hmcts.java-logging', name: 'logging-appinsights', version: reformLogging
Expand All @@ -158,6 +158,11 @@ dependencies {
implementation group: 'com.zaxxer', name: 'HikariCP', version: '5.0.1'
runtimeOnly group: 'org.postgresql', name: 'postgresql', version: '42.6.0'
implementation group: 'com.github.hmcts', name: 'auth-checker-lib', version: '2.1.5'
constraints {
implementation('com.google.guava:guava:33.1.0-jre') {
because 'previous versions of this transitive dependency have CVEs'
}
}
implementation group: 'javax.inject', name: 'javax.inject', version: '1'

implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
Expand All @@ -173,18 +178,6 @@ dependencies {
implementation group: 'org.springframework.security', name: 'spring-security-web', version: springSecurity
implementation group: 'org.springframework.security', name: 'spring-security-crypto', version: springSecurity

// dependency check
implementation 'org.owasp:dependency-check-gradle'
constraints {
implementation('org.owasp:dependency-check-gradle:9.0.9') {
}
implementation('org.owasp:dependency-check-core:9.0.9') {
}
}

// CVE-2021-28170
implementation "org.glassfish:jakarta.el:4.0.2"

aatImplementation 'com.github.hmcts:service-auth-provider-java-client:5.1.0'
codacy 'com.github.codacy:codacy-coverage-reporter:13.13.7'
testImplementation "org.junit.jupiter:junit-jupiter-api"
Expand Down
4 changes: 2 additions & 2 deletions charts/ccd-user-profile-api/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@ description: CCD User profile
name: ccd-user-profile-api
apiVersion: v2
home: https://github.com/hmcts/ccd-user-profile-api
version: 1.6.12
version: 1.6.15
maintainers:
- name: HMCTS CCD Dev Team
email: [email protected]
dependencies:
- name: java
version: 5.0.0
version: 5.2.0
repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
8 changes: 4 additions & 4 deletions charts/ccd-user-profile-api/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@ java:
applicationPort: 4453
aadIdentityName: ccd
autoscaling:
enabled: true
enabled: false
maxReplicas: 8
environment:
USER_PROFILE_S2S_AUTHORISED_SERVICES: ccd_data,ccd_definition,ccd_admin,rd_professional_api
IDAM_S2S_URL: http://rpe-service-auth-provider-{{ .Values.global.environment }}.service.core-compute-{{ .Values.global.environment }}.internal
USER_PROFILE_DB_HOST: ccd-user-profile-api-postgres-db-{{ .Values.global.environment }}.postgres.database.azure.com
USER_PROFILE_DB_HOST: ccd-user-profile-api-postgres-db-v15-{{ .Values.global.environment }}.postgres.database.azure.com
USER_PROFILE_DB_PORT: 5432
USER_PROFILE_DB_NAME: ccd_user_profile
USER_PROFILE_DB_OPTIONS: "?stringtype=unspecified&gssEncMode=disable"
Expand All @@ -16,9 +16,9 @@ java:
keyVaults:
ccd:
secrets:
- name: user-profile-api-POSTGRES-USER
- name: user-profile-api-POSTGRES-USER-V15
alias: USER_PROFILE_DB_USERNAME
- name: user-profile-api-POSTGRES-PASS
- name: user-profile-api-POSTGRES-PASS-V15
alias: USER_PROFILE_DB_PASSWORD
- name: app-insights-connection-string
alias: app-insights-connection-string
31 changes: 7 additions & 24 deletions dependency-check-suppressions.xml
View file
Original file line number Diff line number Diff line change
@@ -1,35 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?><suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes>Temporary Suppression
CVE-2023-2976 refer [Ticket]
CVE-2023-41080 refer [Ticket]
CVE-2023-42795 refer [Ticket]
CVE-2023-45648 refer [Ticket]
CVE-2023-44487 refer [Ticket]
CVE-2020-8908 refer [Ticket]
CVE-2023-34053 refer [Ticket]
CVE-2023-33202 refer [Ticket]
CVE-2024-1597 refer [Ticket]
CVE-2023-34055 refer [Ticket]
CVE-2023-34042 refer [Ticket]
CVE-2024-25710 refer [Ticket]
CVE-2024-26308 refer [Ticket]</notes>
<cve>CVE-2023-42795</cve>
<cve>CVE-2023-45648</cve>
<cve>CVE-2023-44487</cve>
<cve>CVE-2023-34053</cve>
<cve>CVE-2023-34055</cve>
<cve>CVE-2023-46589</cve>
<cve>CVE-2023-35116</cve>
<cve>CVE-2023-33202</cve>
<cve>CVE-2024-25710</cve>
<cve>CVE-2024-26308</cve>
<cve>CVE-2023-35116</cve>
<cve>CVE-2023-34053</cve>
CVE-2023-44487 refer [Ticket]
CVE-2023-46589 refer [Ticket]
CVE-2023-42795 refer [Ticket]
CVE-2023-45648 refer [Ticket]</notes>
<cve>CVE-2024-1597</cve>
<cve>CVE-2023-34055</cve>
<cve>CVE-2023-34042</cve>
<cve>CVE-2023-44487</cve>
<cve>CVE-2023-46589</cve>
<cve>CVE-2023-42795</cve>
<cve>CVE-2023-45648</cve>
<cve>CVE-2024-1597</cve>
</suppress>
</suppressions>

0 comments on commit a62dcec

Please sign in to comment.