diff --git a/auth-connector/build.gradle b/auth-connector/build.gradle index 48b30cd2d88..06155e0c042 100644 --- a/auth-connector/build.gradle +++ b/auth-connector/build.gradle @@ -19,6 +19,7 @@ dependencies { api project(':grpc-common') implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jersey', version: springBootVersion + implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion implementation group: 'org.springframework.security', name: 'spring-security-core', version: springSecurityVersion implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: bouncycastleVersion implementation group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version: bouncycastleVersion diff --git a/build.gradle b/build.gradle index e75a3858cbd..c8cd27a80fe 100644 --- a/build.gradle +++ b/build.gradle @@ -105,6 +105,9 @@ allprojects { force "org.codehaus.jackson:jackson-xc:1.9.13-atlassian-2" force "org.testng:testng:$testNgVersion" force "org.springframework:spring-messaging:$springFrameworkVersion" + force "org.springframework.security:spring-security-web:$springSecurityVersion" + force "io.swagger:swagger-jersey2-jaxrs:$swaggerVersion" + force "io.swagger:swagger-annotations:$swaggerVersion" force "org.ow2.asm:asm:9.2" force "com.google.protobuf:protobuf-java:$protobufVersion" force "com.google.guava:guava:$guavaVersion" diff --git a/cloud-common/build.gradle b/cloud-common/build.gradle index 70fba04ebfc..437fe82f9d3 100644 --- a/cloud-common/build.gradle +++ b/cloud-common/build.gradle @@ -34,8 +34,9 @@ dependencies { implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: springBootVersion implementation group: 'org.springframework.boot', name: 'spring-boot-starter-freemarker', version: springBootVersion implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jersey', version: springBootVersion + implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion implementation group: 'org.springframework', name: 'spring-context-support', version: springFrameworkVersion - implementation (group: 'org.springframework.vault', name: 'spring-vault-core', version: '2.3.3') { + implementation (group: 'org.springframework.vault', name: 'spring-vault-core', version: sprintVaultCoreVersion) { exclude group: 'org.springframework' } implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: jacksonDatabindVersion diff --git a/common/build.gradle b/common/build.gradle index e3c216fc399..7ab96740e56 100644 --- a/common/build.gradle +++ b/common/build.gradle @@ -66,7 +66,7 @@ dependencies { api group: 'org.hibernate', name: 'hibernate-micrometer', version: hibernateCoreVersion api group: 'org.springframework', name: 'spring-web', version: springFrameworkVersion api group: 'org.springframework.boot', name: 'spring-boot-starter-quartz', version: springBootVersion - api group: 'org.springframework.retry', name: 'spring-retry', version: '1.3.4' + api group: 'org.springframework.retry', name: 'spring-retry', version: springRetryVersion api group: 'javax.servlet', name: 'javax.servlet-api', version: '4.0.1' api group: 'javax.transaction', name: 'javax.transaction-api', version: '1.3' api group: 'javax.persistence', name: 'javax.persistence-api', version: '2.2' @@ -78,9 +78,10 @@ dependencies { api group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: springBootVersion api group: 'com.zaxxer', name: 'HikariCP', version: hikariCPVersion implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: { strictly jacksonDatabindVersion } - api group: 'org.springframework.security', name: 'spring-security-core', version: springSecurityVersion - api group: 'org.springframework.security', name: 'spring-security-config', version: springSecurityVersion - api group: 'com.cloudera.crypto', name: 'openssl-provider', version: clouderaCryptoOpenSslProviderVersion + api group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion + api group: 'org.springframework.security', name: 'spring-security-core', version: springSecurityVersion + api group: 'org.springframework.security', name: 'spring-security-config', version: springSecurityVersion + api group: 'com.cloudera.crypto', name: 'openssl-provider', version: clouderaCryptoOpenSslProviderVersion implementation group: 'org.aspectj', name: 'aspectjtools', version: '1.9.19' testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test', version: springBootVersion diff --git a/core/build.gradle b/core/build.gradle index 9a9e2ebd91e..92f8d7347e6 100644 --- a/core/build.gradle +++ b/core/build.gradle @@ -139,7 +139,7 @@ dependencyManagement { dependency group: 'com.google.http-client', name: 'google-http-client-jackson2', version: '1.43.3' dependency group: 'dnsjava', name: 'dnsjava', version: '3.5.2' - dependency group: 'org.springframework.retry', name: 'spring-retry', version: '1.3.4' + dependency group: 'org.springframework.retry', name: 'spring-retry', version: springRetryVersion dependency group: 'org.springframework', name: 'spring-context-support', version: springFrameworkVersion dependency group: 'com.google.code.gson', name: 'gson', version: gsonVersion @@ -171,7 +171,7 @@ dependencies { implementation group: 'org.springframework.data', name: 'spring-data-envers', version: springDataJpaFrameworkVersion - implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: '2.9.9' + implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: springKafkaVersion implementation group: 'org.springframework.retry', name: 'spring-retry' diff --git a/custom-configurations-api/build.gradle b/custom-configurations-api/build.gradle index a7dcac3245f..a9079b94b77 100644 --- a/custom-configurations-api/build.gradle +++ b/custom-configurations-api/build.gradle @@ -11,7 +11,6 @@ repositories { dependencies { implementation project(':common') implementation group: 'jakarta.ws.rs', name: 'jakarta.ws.rs-api', version: '2.1.6' - implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: springBootVersion implementation group: 'io.swagger.core.v3', name: 'swagger-jaxrs2', version: swaggerCoreVersion implementation group: 'org.hibernate', name: 'hibernate-validator', version: hibernateValidatorVersion implementation group: 'javax.el', name: 'javax.el-api', version: '3.0.0' diff --git a/custom-configurations/build.gradle b/custom-configurations/build.gradle index 76e39204043..217fe92f801 100644 --- a/custom-configurations/build.gradle +++ b/custom-configurations/build.gradle @@ -14,7 +14,6 @@ dependencies { implementation group: 'org.springframework.data', name: 'spring-data-jpa', version: springDataJpaFrameworkVersion implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: springBootVersion - implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: springBootVersion runtimeOnly group: 'org.postgresql', name: 'postgresql', version: postgreSQLVersion diff --git a/dependencies.gradle b/dependencies.gradle index eab14c8d724..0b9105f9bcb 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -6,10 +6,15 @@ ext { // Spring caffeineVersion = '2.8.1' - springBootVersion = '2.7.13' + springBootVersion = '2.7.15' springDataJpaFrameworkVersion = '2.7.12' springFrameworkVersion = '5.3.28' - springSecurityVersion = '5.6.9' + springKafkaVersion = '2.9.9' + springRetryVersion = '1.3.4' + springSecurityJwtVersion = '1.1.1.RELEASE' + springSecurityVersion = '5.8.6' + sprintStateMachineCoreVersion = '1.0.1.RELEASE' + sprintVaultCoreVersion = '2.3.3' // Polling dyngrPollingVersion = '1.1.3' diff --git a/flow/build.gradle b/flow/build.gradle index ef054984b42..d2142a65380 100644 --- a/flow/build.gradle +++ b/flow/build.gradle @@ -30,7 +30,7 @@ dependencies { implementation group: 'org.springframework', name: 'spring-beans', version: springFrameworkVersion implementation group: 'org.springframework', name: 'spring-context', version: springFrameworkVersion implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', version: springBootVersion - api group: 'org.springframework.statemachine', name: 'spring-statemachine-core', version: '1.0.1.RELEASE' + api group: 'org.springframework.statemachine', name: 'spring-statemachine-core', version: sprintStateMachineCoreVersion implementation group: 'org.springframework.boot', name: 'spring-boot-starter-quartz', version: springBootVersion implementation group: 'commons-io', name: 'commons-io', version: apacheCommonsIoVersion diff --git a/mock-infrastructure/build.gradle b/mock-infrastructure/build.gradle index 9415445b58a..b3904d49975 100644 --- a/mock-infrastructure/build.gradle +++ b/mock-infrastructure/build.gradle @@ -67,7 +67,7 @@ dependencies { implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: springBootVersion implementation group: 'org.springframework', name: 'spring-aspects', version: springFrameworkVersion implementation group: 'org.springframework', name: 'spring-context-support', version: springFrameworkVersion - implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: '1.1.1.RELEASE' + implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: jacksonVersion implementation group: 'com.google.protobuf', name: 'protobuf-java-util', version: protobufVersion implementation group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.1' diff --git a/mock-thunderhead/build.gradle b/mock-thunderhead/build.gradle index 73881dcb862..e194913ec1c 100644 --- a/mock-thunderhead/build.gradle +++ b/mock-thunderhead/build.gradle @@ -65,8 +65,7 @@ dependencies { implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: springBootVersion implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: springBootVersion implementation group: 'org.springframework', name: 'spring-context-support', version: springFrameworkVersion - // vulnerable library but this jar is not scanned by aquasec - implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: '1.1.1.RELEASE' + implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: jacksonVersion implementation group: 'com.google.protobuf', name: 'protobuf-java-util', version: protobufVersion implementation group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.1' diff --git a/sdx-connector/build.gradle b/sdx-connector/build.gradle index 8dfbcc9115d..d62738378b0 100644 --- a/sdx-connector/build.gradle +++ b/sdx-connector/build.gradle @@ -22,6 +22,7 @@ dependencies { implementation project(":auth-connector") implementation group: 'org.springframework.boot', name: 'spring-boot-starter-jersey', version: springBootVersion + implementation group: 'org.springframework.security', name: 'spring-security-jwt', version: springSecurityJwtVersion implementation group: 'org.springframework.security', name: 'spring-security-core', version: springSecurityVersion implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: bouncycastleVersion implementation group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version: bouncycastleVersion diff --git a/secret-engine/build.gradle b/secret-engine/build.gradle index af0f68060bc..53c3ab5b6e9 100644 --- a/secret-engine/build.gradle +++ b/secret-engine/build.gradle @@ -24,7 +24,7 @@ dependencies { implementation group: 'com.google.code.gson', name: 'gson', version: gsonVersion implementation group: 'javax.validation', name: 'validation-api', version: '2.0.1.Final' implementation group: 'net.jcip', name: 'jcip-annotations', version: '1.0' - api (group: 'org.springframework.vault', name: 'spring-vault-core', version: '2.3.3') { + api (group: 'org.springframework.vault', name: 'spring-vault-core', version: sprintVaultCoreVersion) { exclude group: 'org.springframework' } implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: { strictly jacksonDatabindVersion } diff --git a/structuredevent-service-cdp/build.gradle b/structuredevent-service-cdp/build.gradle index 16b1c143bc0..3784f4e7be2 100644 --- a/structuredevent-service-cdp/build.gradle +++ b/structuredevent-service-cdp/build.gradle @@ -23,7 +23,7 @@ dependencies { implementation project(':secret-engine') implementation project(':flow') - implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: '2.9.9' + implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: springKafkaVersion implementation group: 'com.google.protobuf', name: 'protobuf-java-util', version: protobufVersion testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test', version: springBootVersion diff --git a/structuredevent-service-legacy/build.gradle b/structuredevent-service-legacy/build.gradle index ca71d13af1a..00c912f31d1 100644 --- a/structuredevent-service-legacy/build.gradle +++ b/structuredevent-service-legacy/build.gradle @@ -11,7 +11,7 @@ jar { } dependencies { - implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: '2.9.9' + implementation group: 'org.springframework.kafka', name: 'spring-kafka', version: springKafkaVersion implementation group: 'org.skyscreamer', name: 'jsonassert', version: '1.5.1' implementation project(':structuredevent-model')