update dependencies igloo-boot 250101

.gitlab-ci.yml

@@ -27,11 +27,11 @@ maven-build:
       junit:
         - "**/target/surefire-reports/TEST-*.xml"
   rules:
-  - if: $CHECK_DEPENDENCIES
-    when: never
-  - if: $CI_PIPELINE_SOURCE == 'api'
-    when: never
-  - when: on_success
+    - if: $CHECK_DEPENDENCIES
+      when: never
+    - if: $CI_PIPELINE_SOURCE == 'api'
+      when: never
+    - when: on_success
   tags:
     - docker
   services:
@@ -62,9 +62,9 @@ maven-dependencies:
     - "source gitlab-ci.build.conf"
     - "./ci/maven-dependencies.sh"
   rules:
-  - if: $CHECK_DEPENDENCIES
-  - if: $CI_PIPELINE_SOURCE == 'api'
-    when: never
+    - if: $CI_PIPELINE_SOURCE == 'api'
+      when: never
+    - if: $CHECK_DEPENDENCIES == "true"
   tags:
     - docker
 
@@ -94,17 +94,16 @@ test-init:
     basic-application org.iglooproject.archetype CURRENT_IGLOO_VERSION basicapp
     BasicApplication basicApplication "Basic Application" basic_application
   rules:
-  - if: $CHECK_DEPENDENCIES
-    when: never
-  - if: $CI_PIPELINE_SOURCE == 'api'
-    when: never
-  - if: $CI_COMMIT_BRANCH == "dev"
-  - if: $CI_COMMIT_BRANCH == "master"
-  - if: $CI_COMMIT_BRANCH == "main"
-  - if: $CI_COMMIT_BRANCH == "igloo-boot"
-  - if: $CI_COMMIT_BRANCH == "igloo-boot-dev"
-  - if: $CI_COMMIT_BRANCH =~ /^ft-.*-deploy$/
-
+    - if: $CHECK_DEPENDENCIES
+      when: never
+    - if: $CI_PIPELINE_SOURCE == 'api'
+      when: never
+    - if: $CI_COMMIT_BRANCH == "dev"
+    - if: $CI_COMMIT_BRANCH == "master"
+    - if: $CI_COMMIT_BRANCH == "main"
+    - if: $CI_COMMIT_BRANCH == "igloo-boot"
+    - if: $CI_COMMIT_BRANCH == "igloo-boot-dev"
+    - if: $CI_COMMIT_BRANCH =~ /^ft-.*-deploy$/
   tags:
   - docker
 
@@ -128,7 +127,7 @@ basic-application-init:
     "$ARTIFACT_ID" "$GROUP_ID" "$VERSION" "$PACKAGE"
     "$ARCHETYPE_APPLICATION_NAME_PREFIX" "$ARCHETYPE_SPRING_ANNOTATION_VALUE_PREFIX" "$ARCHETYPE_FULL_APPLICTION_NAME" "$ARCHETYPE_DATABASE_PREFIX"
   rules:
-  - if: $CI_PIPELINE_SOURCE == 'api'
+    - if: $CI_PIPELINE_SOURCE == 'api'
   tags:
     - docker
 
@@ -138,18 +137,18 @@ maven-deploy:
   script:
     - "mvn -U deploy -DperformRelease -Ddistribution=igloo-release -DskipTests"
   rules:
-  - if: $CI_PIPELINE_SOURCE == 'api'
-    when: never
-  - if: $CHECK_DEPENDENCIES
-    when: never
-  - if: $CI_COMMIT_BRANCH == "main"
-  - if: $CI_COMMIT_BRANCH == "master"
-  - if: $CI_COMMIT_BRANCH == "dev"
-  - if: $CI_COMMIT_BRANCH == "igloo-boot"
-  - if: $CI_COMMIT_BRANCH == "igloo-boot-dev"
-  - if: $CI_COMMIT_BRANCH =~ /^ft-.*-deploy$/
-  - if: $CI_COMMIT_BRANCH =~ /^hf-.*$/
-  - if: $CI_COMMIT_BRANCH =~ /^igloo-boot-hf-.*$/
+    - if: $CI_PIPELINE_SOURCE == 'api'
+      when: never
+    - if: $CHECK_DEPENDENCIES
+      when: never
+    - if: $CI_COMMIT_BRANCH == "main"
+    - if: $CI_COMMIT_BRANCH == "master"
+    - if: $CI_COMMIT_BRANCH == "dev"
+    - if: $CI_COMMIT_BRANCH == "igloo-boot"
+    - if: $CI_COMMIT_BRANCH == "igloo-boot-dev"
+    - if: $CI_COMMIT_BRANCH =~ /^ft-.*-deploy$/
+    - if: $CI_COMMIT_BRANCH =~ /^hf-.*$/
+    - if: $CI_COMMIT_BRANCH =~ /^igloo-boot-hf-.*$/
   tags:
     - docker
 
@@ -163,10 +162,10 @@ sonar-analyze:
       -DskipTests
       -Dsonar.host.url="https://sonar.tools.kobalt.fr"
   rules:
-  - if: $CI_PIPELINE_SOURCE == 'api'
-    when: never
-  - if: $CHECK_DEPENDENCIES
-    when: never
-  - when: on_success
+    - if: $CI_PIPELINE_SOURCE == 'api'
+      when: never
+    - if: $CHECK_DEPENDENCIES
+      when: never
+    - when: on_success
   tags:
     - docker

basic-application/basic-application-back/src/main/resources/log4j2.properties

@@ -55,8 +55,3 @@ logger.property.level=INFO
 # avoid displaying "You are asking Spring Security to ignore 'ignoredRequest'. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead." warning message
 logger.WebSecurity.name=org.springframework.security.config.annotation.web.builders.WebSecurity
 logger.WebSecurity.level=ERROR
-
-# Protobuf
-# avoid displaying "Protobuf gencode version 4.28.0 is older than the runtime version 4.28.2"
-logger.RuntimeVersion.name=com.google.protobuf.RuntimeVersion
-logger.RuntimeVersion.level=ERROR

igloo/igloo-components/igloo-component-sass/pom.xml

@@ -23,10 +23,6 @@
 			<groupId>de.larsgrefer.sass</groupId>
 			<artifactId>sass-embedded-host</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>com.google.protobuf</groupId>
-			<artifactId>protobuf-java</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>com.google.guava</groupId>
 			<artifactId>guava</artifactId>

igloo/igloo-webjars/igloojs/package.json

@@ -19,14 +19,14 @@
     "bootstrap": "^5.3.2"
   },
   "devDependencies": {
-    "@rollup/plugin-node-resolve" : "^15.3.0",
+    "@rollup/plugin-node-resolve" : "^16.0.0",
     "@rollup/plugin-babel": "^6.0.4",
-    "@rollup/plugin-commonjs": "^28.0.0",
-    "@babel/preset-env": "^7.25.4",
-    "@babel/core": "^7.25.2",
-    "rollup": "^4.22.5",
+    "@rollup/plugin-commonjs": "^28.0.2",
+    "@babel/preset-env": "^7.26.0",
+    "@babel/core": "^7.26.0",
+    "rollup": "^4.28.1",
     "npm-run-all": "^4.1.5",
-    "nodemon": "^3.1.7",
+    "nodemon": "^3.1.9",
     "karma": "^6.4.4",
     "karma-browserstack-launcher": "1.6.0",
     "karma-chrome-launcher": "^3.2.0",

igloo/igloo-webjars/igloojs/pom.xml

@@ -16,7 +16,7 @@
 
 	<properties>
 		<frontend.npm.arguments>run js</frontend.npm.arguments>
-		<node.version>v20.17.0</node.version>
+		<node.version>v22.12.0</node.version>
 	</properties>
 
 	<dependencies>

owasp-suppressions.xml

@@ -39,33 +39,6 @@
 		<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
 		<vulnerabilityName>CVE-2024-6531</vulnerabilityName>
 	</suppress>
-	<suppress>
-		<notes><![CDATA[
-		file name: bootstrap4-4.6.0.jar: bootstrap.bundle.min.js
-		
-		same than CVE-2024-6484 : we don't use bootstrap carousel component on Igloo
-	]]></notes>
-		<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-		<vulnerabilityName>CVE-2024-6531</vulnerabilityName>
-	</suppress>
-	<suppress>
-		<notes><![CDATA[
-	file name: bootstrap4-4.6.0.jar: bootstrap.js
-	
-	
-	]]></notes>
-		<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-		<vulnerabilityName>CVE-2024-6531</vulnerabilityName>
-	</suppress>
-	<suppress>
-		<notes><![CDATA[
-		file name: bootstrap4-4.6.0.jar: bootstrap.min.js
-		
-		same than CVE-2024-6484 : we don't use bootstrap carousel component on Igloo
-	]]></notes>
-		<packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
-		<vulnerabilityName>CVE-2024-6531</vulnerabilityName>
-	</suppress>
 	<suppress>
 		<notes><![CDATA[
 		file name: prometheus-metrics-core-1.2.1.jar
@@ -84,4 +57,14 @@
 		<packageUrl regex="true">^pkg:maven/org\.webjars\.npm/select2\-bootstrap\-5\-theme@.*$</packageUrl>
 		<cve>CVE-2016-10744</cve>
 	</suppress>
+	<suppress>
+		<notes><![CDATA[
+		file name: querydsl-jpa-5.1.0.jar
+		
+		Igloo 5 don't use QueryDSL with orderBy parameter in URL.
+		]]></notes>
+		<packageUrl regex="true">^pkg:maven/com\.querydsl/querydsl-jpa@.*$</packageUrl>
+		<vulnerabilityName>CVE-2024-49203</vulnerabilityName>
+	</suppress>
+
 </suppressions>

pom.xml

@@ -19,12 +19,12 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 
-		<maven-toolchains-plugin.version>3.2.0</maven-toolchains-plugin.version>
+		<maven-toolchains-plugin.version>3.2.1</maven-toolchains-plugin.version>
 		<maven-site-plugin.version>4.0.0-M16</maven-site-plugin.version>
 		<igloo.wagon-ssh-external-plugin.version>3.4.1</igloo.wagon-ssh-external-plugin.version>
-		<maven-project-info-reports-plugin.version>3.7.0</maven-project-info-reports-plugin.version>
-		<igloo.owasp-maven-plugin.version>10.0.4</igloo.owasp-maven-plugin.version>
-		<igloo.versions-maven-plugin.version>2.17.1</igloo.versions-maven-plugin.version>
+		<maven-project-info-reports-plugin.version>3.8.0</maven-project-info-reports-plugin.version>
+		<igloo.owasp-maven-plugin.version>11.1.1</igloo.owasp-maven-plugin.version>
+		<igloo.versions-maven-plugin.version>2.18.0</igloo.versions-maven-plugin.version>
 	</properties>
 
 	<profiles>