Skip to content

Commit

Permalink
CB-23218 Upgrade to the latest Spring Security 5.8.6 and Spring Boot …
Browse files Browse the repository at this point in the history
…2.7.15
  • Loading branch information
bergerdenes authored and horadla23 committed Jan 10, 2024
1 parent 65c5da4 commit 748984b
Show file tree
Hide file tree
Showing 15 changed files with 27 additions and 18 deletions.
1 change: 1 addition & 0 deletions auth-connector/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ dependencies {
api project(':grpc-common')

implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jersey', version: springBootVersion
implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion
implementation group: 'org.springframework.security', name: 'spring-security-core', version: springSecurityVersion
implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: bouncycastleVersion
implementation group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version: bouncycastleVersion
Expand Down
3 changes: 3 additions & 0 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,9 @@ allprojects {
force "org.codehaus.jackson:jackson-xc:1.9.13-atlassian-2"
force "org.testng:testng:$testNgVersion"
force "org.springframework:spring-messaging:$springFrameworkVersion"
force "org.springframework.security:spring-security-web:$springSecurityVersion"
force "io.swagger:swagger-jersey2-jaxrs:$swaggerVersion"
force "io.swagger:swagger-annotations:$swaggerVersion"
force "org.ow2.asm:asm:9.2"
force "com.google.protobuf:protobuf-java:$protobufVersion"
force "com.google.guava:guava:$guavaVersion"
Expand Down
3 changes: 2 additions & 1 deletion cloud-common/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,9 @@ dependencies {
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: springBootVersion
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-freemarker', version: springBootVersion
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jersey', version: springBootVersion
implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion
implementation group: 'org.springframework', name: 'spring-context-support', version: springFrameworkVersion
implementation (group: 'org.springframework.vault', name: 'spring-vault-core', version: '2.3.3') {
implementation (group: 'org.springframework.vault', name: 'spring-vault-core', version: sprintVaultCoreVersion) {
exclude group: 'org.springframework'
}
implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: jacksonDatabindVersion
Expand Down
9 changes: 5 additions & 4 deletions common/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ dependencies {
api group: 'org.hibernate', name: 'hibernate-micrometer', version: hibernateCoreVersion
api group: 'org.springframework', name: 'spring-web', version: springFrameworkVersion
api group: 'org.springframework.boot', name: 'spring-boot-starter-quartz', version: springBootVersion
api group: 'org.springframework.retry', name: 'spring-retry', version: '1.3.4'
api group: 'org.springframework.retry', name: 'spring-retry', version: springRetryVersion
api group: 'javax.servlet', name: 'javax.servlet-api', version: '4.0.1'
api group: 'javax.transaction', name: 'javax.transaction-api', version: '1.3'
api group: 'javax.persistence', name: 'javax.persistence-api', version: '2.2'
Expand All @@ -78,9 +78,10 @@ dependencies {
api group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: springBootVersion
api group: 'com.zaxxer', name: 'HikariCP', version: hikariCPVersion
implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: { strictly jacksonDatabindVersion }
api group: 'org.springframework.security', name: 'spring-security-core', version: springSecurityVersion
api group: 'org.springframework.security', name: 'spring-security-config', version: springSecurityVersion
api group: 'com.cloudera.crypto', name: 'openssl-provider', version: clouderaCryptoOpenSslProviderVersion
api group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion
api group: 'org.springframework.security', name: 'spring-security-core', version: springSecurityVersion
api group: 'org.springframework.security', name: 'spring-security-config', version: springSecurityVersion
api group: 'com.cloudera.crypto', name: 'openssl-provider', version: clouderaCryptoOpenSslProviderVersion
implementation group: 'org.aspectj', name: 'aspectjtools', version: '1.9.19'

testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test', version: springBootVersion
Expand Down
4 changes: 2 additions & 2 deletions core/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ dependencyManagement {
dependency group: 'com.google.http-client', name: 'google-http-client-jackson2', version: '1.43.3'
dependency group: 'dnsjava', name: 'dnsjava', version: '3.5.2'

dependency group: 'org.springframework.retry', name: 'spring-retry', version: '1.3.4'
dependency group: 'org.springframework.retry', name: 'spring-retry', version: springRetryVersion
dependency group: 'org.springframework', name: 'spring-context-support', version: springFrameworkVersion

dependency group: 'com.google.code.gson', name: 'gson', version: gsonVersion
Expand Down Expand Up @@ -171,7 +171,7 @@ dependencies {

implementation group: 'org.springframework.data', name: 'spring-data-envers', version: springDataJpaFrameworkVersion

implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: '2.9.9'
implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: springKafkaVersion

implementation group: 'org.springframework.retry', name: 'spring-retry'

Expand Down
1 change: 0 additions & 1 deletion custom-configurations-api/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ repositories {
dependencies {
implementation project(':common')
implementation group: 'jakarta.ws.rs', name: 'jakarta.ws.rs-api', version: '2.1.6'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: springBootVersion
implementation group: 'io.swagger.core.v3', name: 'swagger-jaxrs2', version: swaggerCoreVersion
implementation group: 'org.hibernate', name: 'hibernate-validator', version: hibernateValidatorVersion
implementation group: 'javax.el', name: 'javax.el-api', version: '3.0.0'
Expand Down
1 change: 0 additions & 1 deletion custom-configurations/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ dependencies {

implementation group: 'org.springframework.data', name: 'spring-data-jpa', version: springDataJpaFrameworkVersion
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: springBootVersion
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: springBootVersion

runtimeOnly group: 'org.postgresql', name: 'postgresql', version: postgreSQLVersion

Expand Down
9 changes: 7 additions & 2 deletions dependencies.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,15 @@ ext {

// Spring
caffeineVersion = '2.8.1'
springBootVersion = '2.7.13'
springBootVersion = '2.7.15'
springDataJpaFrameworkVersion = '2.7.12'
springFrameworkVersion = '5.3.28'
springSecurityVersion = '5.6.9'
springKafkaVersion = '2.9.9'
springRetryVersion = '1.3.4'
springSecurityJwtVersion = '1.1.1.RELEASE'
springSecurityVersion = '5.8.6'
sprintStateMachineCoreVersion = '1.0.1.RELEASE'
sprintVaultCoreVersion = '2.3.3'

// Polling
dyngrPollingVersion = '1.1.3'
Expand Down
2 changes: 1 addition & 1 deletion flow/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ dependencies {
implementation group: 'org.springframework', name: 'spring-beans', version: springFrameworkVersion
implementation group: 'org.springframework', name: 'spring-context', version: springFrameworkVersion
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', version: springBootVersion
api group: 'org.springframework.statemachine', name: 'spring-statemachine-core', version: '1.0.1.RELEASE'
api group: 'org.springframework.statemachine', name: 'spring-statemachine-core', version: sprintStateMachineCoreVersion
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-quartz', version: springBootVersion

implementation group: 'commons-io', name: 'commons-io', version: apacheCommonsIoVersion
Expand Down
2 changes: 1 addition & 1 deletion mock-infrastructure/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ dependencies {
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: springBootVersion
implementation group: 'org.springframework', name: 'spring-aspects', version: springFrameworkVersion
implementation group: 'org.springframework', name: 'spring-context-support', version: springFrameworkVersion
implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: '1.1.1.RELEASE'
implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion
implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: jacksonVersion
implementation group: 'com.google.protobuf', name: 'protobuf-java-util', version: protobufVersion
implementation group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.1'
Expand Down
3 changes: 1 addition & 2 deletions mock-thunderhead/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,7 @@ dependencies {
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: springBootVersion
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: springBootVersion
implementation group: 'org.springframework', name: 'spring-context-support', version: springFrameworkVersion
// vulnerable library but this jar is not scanned by aquasec
implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: '1.1.1.RELEASE'
implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion
implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: jacksonVersion
implementation group: 'com.google.protobuf', name: 'protobuf-java-util', version: protobufVersion
implementation group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.1'
Expand Down
1 change: 1 addition & 0 deletions sdx-connector/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ dependencies {
implementation project(":auth-connector")

implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jersey', version: springBootVersion
implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion
implementation group: 'org.springframework.security', name: 'spring-security-core', version: springSecurityVersion
implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: bouncycastleVersion
implementation group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version: bouncycastleVersion
Expand Down
2 changes: 1 addition & 1 deletion secret-engine/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ dependencies {
implementation group: 'com.google.code.gson', name: 'gson', version: gsonVersion
implementation group: 'javax.validation', name: 'validation-api', version: '2.0.1.Final'
implementation group: 'net.jcip', name: 'jcip-annotations', version: '1.0'
api (group: 'org.springframework.vault', name: 'spring-vault-core', version: '2.3.3') {
api (group: 'org.springframework.vault', name: 'spring-vault-core', version: sprintVaultCoreVersion) {
exclude group: 'org.springframework'
}
implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: { strictly jacksonDatabindVersion }
Expand Down
2 changes: 1 addition & 1 deletion structuredevent-service-cdp/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ dependencies {
implementation project(':secret-engine')
implementation project(':flow')

implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: '2.9.9'
implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: springKafkaVersion
implementation group: 'com.google.protobuf', name: 'protobuf-java-util', version: protobufVersion

testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test', version: springBootVersion
Expand Down
2 changes: 1 addition & 1 deletion structuredevent-service-legacy/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jar {
}

dependencies {
implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: '2.9.9'
implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: springKafkaVersion
implementation group: 'org.skyscreamer', name: 'jsonassert', version: '1.5.1'

implementation project(':structuredevent-model')
Expand Down

0 comments on commit 748984b

Please sign in to comment.