Update All patch-minor dependencies

hmcts · Jul 3, 2023 · 0d5d1ce · 0d5d1ce
1 parent 45bbabb
commit 0d5d1ce
Show file tree

Hide file tree

Showing 8 changed files with 432 additions and 334 deletions.
diff --git a/build.gradle b/build.gradle
@@ -1,12 +1,12 @@
 plugins {
   id 'application'
   id 'jacoco'
-  id 'io.spring.dependency-management' version '1.0.10.RELEASE'
-  id 'org.springframework.boot' version '2.4.4'
-  id 'com.github.ben-manes.versions' version '0.36.0'
-  id 'org.sonarqube' version '3.0'
+  id 'io.spring.dependency-management' version '1.1.0'
+  id 'org.springframework.boot' version '2.7.13'
+  id 'com.github.ben-manes.versions' version '0.47.0'
+  id 'org.sonarqube' version '3.5.0.2730'
   id 'uk.gov.hmcts.java' version '0.12.43'
-  id 'com.github.spacialcircumstances.gradle-cucumber-reporting' version '0.1.23'
+  id 'com.github.spacialcircumstances.gradle-cucumber-reporting' version '0.1.25'
 }
 
 ext['spring-framework.version'] = '5.3.26'
@@ -208,12 +208,12 @@ dependencyCheck {
 
 dependencyManagement {
   imports {
-    mavenBom "org.springframework.cloud:spring-cloud-dependencies:2020.0.1"
+    mavenBom "org.springframework.cloud:spring-cloud-dependencies:2020.0.6"
   }
   dependencies {
-    dependency group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.67'
+    dependency group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.70'
     // CVE-2018-10237 - Unbounded memory allocation
-    dependencySet(group: 'com.google.guava', version: '30.0-jre') {
+    dependencySet(group: 'com.google.guava', version: '30.1.1-jre') {
       entry 'guava'
     }
   }
@@ -234,15 +234,15 @@ repositories {
 }
 
 def versions = [
-  junit           : '5.7.0',
-  junitPlatform   : '1.7.0',
+  junit           : '5.9.3',
+  junitPlatform   : '1.9.3',
   reformLogging   : '5.1.9',
-  junitVintageVersion : '5.7.0',
+  junitVintageVersion : '5.9.3',
   springBoot      : springBoot.class.package.implementationVersion,
   springfoxSwagger: '3.0.0',
-  testcontainers  : '1.15.1',
-  netty           : '4.1.86.Final',
-  tomcatVersion   : '9.0.73'
+  testcontainers  : '1.18.3',
+  netty           : '4.1.94.Final',
+  tomcatVersion   : '9.0.76'
 ]
 
 ext.libraries = [
@@ -257,7 +257,7 @@ ext.libraries = [
 ]
 
 dependencies {
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.0.1'
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.7'
 
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
@@ -282,38 +282,38 @@ dependencies {
   implementation group: 'io.netty', name:'netty-transport-native-kqueue', version: versions.netty
   implementation group: 'io.netty', name:'netty-transport-native-unix-common', version: versions.netty
 
-  implementation group: 'org.glassfish', name: 'jakarta.el', version: '4.0.1' // CVE-2021-28170
+  implementation group: 'org.glassfish', name: 'jakarta.el', version: '4.0.2' // CVE-2021-28170
   // CVE-2021-42550
-  implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.10'
-  implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.2.10'
+  implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.4.8'
+  implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.4.8'
 
-  implementation group: 'io.hawt', name: 'hawtio-springboot', version: '2.12.0'
+  implementation group: 'io.hawt', name: 'hawtio-springboot', version: '2.17.4'
 
   implementation group: 'io.springfox', name: 'springfox-swagger2', version: versions.springfoxSwagger
 
   implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: versions.reformLogging
   implementation group: 'com.github.hmcts.java-logging', name: 'logging-appinsights', version: versions.reformLogging
 
-  implementation group: 'com.vladmihalcea', name: 'hibernate-types-52', version: '2.10.0'
+  implementation group: 'com.vladmihalcea', name: 'hibernate-types-52', version: '2.21.1'
 
   implementation group: 'org.projectlombok', name: 'lombok', version: versions.lombok
   annotationProcessor group: 'org.projectlombok', name: 'lombok', version: versions.lombok
 
-  implementation group: 'org.hibernate', name: 'hibernate-core', version: '5.4.25.Final' // For CVE-2020-25638
-  implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.13' // For CVE-2020-13956
-  implementation group: 'org.apache.activemq', name: 'activemq-client', version: '5.16.1' // For CVE-2021-26117
-  implementation group: 'org.apache.activemq', name: 'activemq-broker', version: '5.16.1' // For CVE-2021-26117
-  implementation group: 'net.minidev', name: 'json-smart', version: '2.4.7'
-  implementation group: 'commons-io', name: 'commons-io', version: '2.8.0'
+  implementation group: 'org.hibernate', name: 'hibernate-core', version: '5.6.15.Final' // For CVE-2020-25638
+  implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.14' // For CVE-2020-13956
+  implementation group: 'org.apache.activemq', name: 'activemq-client', version: '5.18.2' // For CVE-2021-26117
+  implementation group: 'org.apache.activemq', name: 'activemq-broker', version: '5.18.2' // For CVE-2021-26117
+  implementation group: 'net.minidev', name: 'json-smart', version: '2.4.11'
+  implementation group: 'commons-io', name: 'commons-io', version: '2.13.0'
   implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
 
   compile group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: versions.tomcatVersion
   compile group: 'org.apache.tomcat.embed', name: 'tomcat-embed-websocket', version: versions.tomcatVersion
 
-  runtime group: 'org.postgresql', name: 'postgresql', version: '42.5.1'
-  runtime group: 'com.zaxxer', name: 'HikariCP', version: '4.0.2'
+  runtime group: 'org.postgresql', name: 'postgresql', version: '42.6.0'
+  runtime group: 'com.zaxxer', name: 'HikariCP', version: '4.0.3'
 
-  aatImplementation group: 'com.github.hmcts', name: 'ccd-test-definitions', version: '7.14.0'
+  aatImplementation group: 'com.github.hmcts', name: 'ccd-test-definitions', version: '7.19.12'
   aatImplementation group: 'com.github.hmcts', name: 'befta-fw', version: '8.7.11'
   aatImplementation group: 'org.apache.poi', name: 'poi-ooxml-schemas', version: '4.1.2' //For CVE-2019-12415
   aatImplementation group: 'commons-lang', name: 'commons-lang', version: '2.6'

diff --git a/charts/ccd-message-publisher/Chart.yaml b/charts/ccd-message-publisher/Chart.yaml
@@ -2,14 +2,14 @@ apiVersion: v2
 description: A Helm chart for the HMCTS CCD Message Publisher
 name: ccd-message-publisher
 home: https://github.com/hmcts/ccd-message-publisher
-version: 0.1.12
+version: 0.1.13
 maintainers:
   - name: HMCTS CCD Dev Team
 dependencies:
   - name: java
-    version: 4.0.13
+    version: 4.1.4
     repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
   - name: servicebus
-    version: 1.0.2
+    version: 1.0.4
     repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
     condition: servicebus.enabled
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.7.1-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.4-all.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists