From e608a3da1f132e72e371e3fd83857f378d1c6e45 Mon Sep 17 00:00:00 2001 From: David Jones Date: Wed, 17 Jul 2024 17:13:41 +0100 Subject: [PATCH 1/8] PAY-7240: Pipeline-Fix --- api/build.gradle | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/api/build.gradle b/api/build.gradle index 7fd73a0f4..dc496e0bc 100644 --- a/api/build.gradle +++ b/api/build.gradle @@ -67,6 +67,23 @@ sonarqube { } } +dependencyManagement { + dependencies { + dependencySet( + group: 'org.codehaus.groovy.modules.http-builder', + version: '0.7.1' + ) { + entry 'http-builder' + } + dependencySet( + group: 'org.ajoberstar', + version: '1.7.2' + ) { + entry 'grgit' + } + } +} + def javaLoggingVersion = '6.0.1' dependencies { implementation project(':fees-register-model') From 73c501c7b24eeabc649e6b3b56f02bd37a289bf5 Mon Sep 17 00:00:00 2001 From: David Jones Date: Wed, 17 Jul 2024 17:30:57 +0100 Subject: [PATCH 2/8] PAY-7240: Pipeline-Fix --- api/build.gradle | 17 ----------------- build.gradle | 15 +++++++++++++++ cve-resolution-strategy.gradle | 8 ++++++++ 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/api/build.gradle b/api/build.gradle index dc496e0bc..7fd73a0f4 100644 --- a/api/build.gradle +++ b/api/build.gradle @@ -67,23 +67,6 @@ sonarqube { } } -dependencyManagement { - dependencies { - dependencySet( - group: 'org.codehaus.groovy.modules.http-builder', - version: '0.7.1' - ) { - entry 'http-builder' - } - dependencySet( - group: 'org.ajoberstar', - version: '1.7.2' - ) { - entry 'grgit' - } - } -} - def javaLoggingVersion = '6.0.1' dependencies { implementation project(':fees-register-model') diff --git a/build.gradle b/build.gradle index f4c3ddde7..431b09279 100644 --- a/build.gradle +++ b/build.gradle 
@@ -63,6 +63,21 @@ allprojects { mavenBom "org.springframework.boot:spring-boot-dependencies:2.7.18" mavenBom 'org.apache.logging.log4j:log4j-bom:2.17.1' } + + dependencies { + dependencySet( + group: 'org.codehaus.groovy.modules.http-builder', + version: '0.7.1' + ) { + entry 'http-builder' + } + dependencySet( + group: 'org.ajoberstar', + version: '1.7.2' + ) { + entry 'grgit' + } + } } } diff --git a/cve-resolution-strategy.gradle b/cve-resolution-strategy.gradle index 706a99cbf..90f595463 100644 --- a/cve-resolution-strategy.gradle +++ b/cve-resolution-strategy.gradle @@ -132,6 +132,14 @@ configurations.all { if (det.requested.name == 'jjwt') { det.useVersion '0.12.5' } + + if (det.requested.name == 'http-builder') { + det.useVersion '0.7.1' + } + + if (det.requested.name == 'grgit') { + det.useVersion '1.7.2' + } } } } From 8e7eab1d2ff95c8c337ebe8afbf8e6a2d3eaab6a Mon Sep 17 00:00:00 2001 From: David Jones Date: Wed, 17 Jul 2024 17:43:25 +0100 Subject: [PATCH 3/8] PAY-7240: Pipeline-Fix --- build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/build.gradle b/build.gradle index 431b09279..dcca37d4e 100644 --- a/build.gradle +++ b/build.gradle @@ -54,6 +54,7 @@ allprojects { mavenCentral() jcenter() maven { url 'https://jitpack.io' } + maven { url 'https://repo.spring.io/libs-milestone' } } apply from: "${rootDir}/cve-resolution-strategy.gradle" From 453f4354aa5b3716adf7ce065761daaceab78102 Mon Sep 17 00:00:00 2001 From: David Jones Date: Wed, 17 Jul 2024 18:08:54 +0100 Subject: [PATCH 4/8] PAY-7240: Pipeline-Fix --- build.gradle | 2 ++ cve-resolution-strategy.gradle | 8 -------- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/build.gradle b/build.gradle index dcca37d4e..8a35b3eca 100644 --- a/build.gradle +++ b/build.gradle 
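Review bot: The two rules added to cve-resolution-strategy.gradle in patch 2/8 match on `det.requested.name` alone, so any artifact named `http-builder` or `grgit`, from any group, is forced to the pinned version in every configuration. Matching the group as well keeps the override scoped, e.g. `if (det.requested.group == 'org.ajoberstar' && det.requested.name == 'grgit') {`. The file name suggests it exists to lift versions past known CVEs, so a comment such as `// PAY-7240: pinned for build tooling, not a CVE fix` would stop these pins being read as a security floor. The enclosing `configurations.all` block starts outside the hunk.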
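Review bot: The `https://repo.spring.io/libs-milestone` repository added to `allprojects.repositories` in patch 3/8 has no content filter, so every dependency of every project may be looked up there as well as in `mavenCentral()`, `jcenter()` and jitpack. Restricting it to the groups that need it narrows where a given coordinate can be resolved from, e.g. `content { includeGroupByRegex 'org\\.springframework.*' }` inside the `maven { }` block (the pattern is a guess; use the group of whatever artifact prompted the addition). The same unfiltered line, together with `jcenter()`, is re-added by the repositories hunk of patch 8/8. A comment naming the artifact that needs a milestone repository would let the entry be removed once that artifact has a release.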
@@ -149,6 +149,8 @@ subprojects { implementation group: 'org.springdoc', name: 'springdoc-openapi-webmvc-core', version: '1.7.0' implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.17.1' implementation group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: '2.17.1' + implementation group: 'org.codehaus.groovy.modules.http-builder', name: 'http-builder', version: '0.7.2' + implementation group: 'org.ajoberstar', name: 'grgit', version: '1.9.3' } task sourcesJar(type: Jar, dependsOn: classes) { diff --git a/cve-resolution-strategy.gradle b/cve-resolution-strategy.gradle index 90f595463..706a99cbf 100644 --- a/cve-resolution-strategy.gradle +++ b/cve-resolution-strategy.gradle @@ -132,14 +132,6 @@ configurations.all { if (det.requested.name == 'jjwt') { det.useVersion '0.12.5' } - - if (det.requested.name == 'http-builder') { - det.useVersion '0.7.1' - } - - if (det.requested.name == 'grgit') { - det.useVersion '1.7.2' - } } } } From ac79aed27c45380216dbbc07741252b58a549303 Mon Sep 17 00:00:00 2001 From: David Jones Date: Wed, 17 Jul 2024 18:17:05 +0100 Subject: [PATCH 5/8] PAY-7240: Pipeline-Fix --- dependency-check-suppressions.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml index 11a65d7a9..54da11d5d 100644 --- a/dependency-check-suppressions.xml +++ b/dependency-check-suppressions.xml @@ -301,6 +301,27 @@ CVE-2023-6378 + + + + What is going on here. + + CVE-2019-10086 + CVE-2008-5730 + CVE-2008-5742 + CVE-2022-23437 + CVE-2014-0114 + CVE-2022-24839 + CVE-2016-5725 + CVE-2023-4759 + CVE-2008-5727 + CVE-2015-2214 + CVE-2008-5728 + CVE-2015-6420 + CVE-2008-5729 + CVE-2018-2799 + + From f98b6f3a092234286f3f5dc3fc6ac828e82ecc32 Mon Sep 17 00:00:00 2001 
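Review bot: In patch 4/8 `http-builder` 0.7.2 and `grgit` 1.9.3 are added as `implementation` dependencies in the `subprojects` block, which puts them and their transitive trees on the compile and runtime classpath of every subproject. Both look like build-tooling libraries rather than application code (patch 8/8 later moves http-builder to the `buildscript` classpath), so if the aim is to satisfy a Gradle plugin they belong in `buildscript { dependencies { classpath ... } }` instead. The versions also differ from the 0.7.1 / 1.7.2 pins removed from cve-resolution-strategy.gradle in the same commit; a comment stating which version the pipeline needs and why would help.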
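Review bot: The suppression added in patch 5/8 silences fourteen CVEs under the single note "What is going on here.", which records neither the dependency they belong to nor why they are not exploitable in this service. Each suppressed CVE should carry a note naming the affected artifact and the reason it does not apply, along the lines of `<notes>PLACEHOLDER: artifact, why not reachable, ticket</notes>`, and the entry should expire so it is re-reviewed, e.g. `<suppress until="YYYY-MM-DDZ">` (placeholder date). The XML tags are not visible in this rendering, so it cannot be confirmed from here whether the entry is scoped to one package with a `packageUrl` or `filePath` matcher; an unscoped entry would hide these CVEs for every dependency. Given the timing, the findings were presumably triggered by the `implementation` lines added in patch 4/8.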
From: David Jones Date: Wed, 17 Jul 2024 18:33:06 +0100 Subject: [PATCH 6/8] PAY-7240: Pipeline-Fix --- api/build.gradle | 4 ++++ build.gradle | 31 +++---------------------------- 2 files changed, 7 insertions(+), 28 deletions(-) diff --git a/api/build.gradle b/api/build.gradle index 7fd73a0f4..60060d6c6 100644 --- a/api/build.gradle +++ b/api/build.gradle @@ -1,5 +1,9 @@ buildscript { + ext { + springBootVersion = '2.7.18' + } dependencies { + classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}") classpath "net.serenity-bdd:serenity-gradle-plugin:3.2.3" classpath "net.serenity-bdd:serenity-single-page-report:3.2.3" } diff --git a/build.gradle b/build.gradle index 8a35b3eca..7af91645b 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,7 @@ plugins { id 'io.spring.dependency-management' version '1.0.15.RELEASE' id 'org.owasp.dependencycheck' version '9.1.0' id "uk.gov.hmcts.java" version '0.12.0' - id "com.gorylenko.gradle-git-properties" version "1.4.21" + id "com.gorylenko.gradle-git-properties" version "2.4.2" id 'jacoco' id 'maven-publish' id 'com.jfrog.bintray' version '1.8.5' @@ -52,34 +52,11 @@ allprojects { repositories { mavenLocal() mavenCentral() - jcenter() - maven { url 'https://jitpack.io' } - maven { url 'https://repo.spring.io/libs-milestone' } + maven { url "https://repo.maven.apache.org/maven2" } + maven { url "https://jitpack.io" } } apply from: "${rootDir}/cve-resolution-strategy.gradle" - - dependencyManagement { - imports { - mavenBom "org.springframework.boot:spring-boot-dependencies:2.7.18" - mavenBom 'org.apache.logging.log4j:log4j-bom:2.17.1' - } - - dependencies { - dependencySet( - group: 'org.codehaus.groovy.modules.http-builder', - version: '0.7.1' - ) { - entry 'http-builder' - } - dependencySet( - group: 'org.ajoberstar', - version: '1.7.2' - ) { - entry 'grgit' - } - } - } } 
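Review bot: The `@@ -52,34 +52,11 @@` hunk of build.gradle in patch 6/8 deletes the whole `dependencyManagement` block, including `mavenBom 'org.apache.logging.log4j:log4j-bom:2.17.1'`, so the log4j and Spring Boot managed versions are no longer pinned from this file. Unless cve-resolution-strategy.gradle (not shown in full) enforces the same floor, transitive log4j artifacts fall back to whatever version each dependency requests; keep the `imports { ... }` part and drop only the two `dependencySet` entries. The added `maven { url "https://repo.maven.apache.org/maven2" }` points at the same repository as `mavenCentral()` and can be left out.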
@@ -149,8 +126,6 @@ subprojects { implementation group: 'org.springdoc', name: 'springdoc-openapi-webmvc-core', version: '1.7.0' implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.17.1' implementation group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: '2.17.1' - implementation group: 'org.codehaus.groovy.modules.http-builder', name: 'http-builder', version: '0.7.2' - implementation group: 'org.ajoberstar', name: 'grgit', version: '1.9.3' } task sourcesJar(type: Jar, dependsOn: classes) { From 7bd5fbb75b559fba5510c4bc9b39f49bb9bb8c35 Mon Sep 17 00:00:00 2001 From: David Jones Date: Wed, 17 Jul 2024 18:39:40 +0100 Subject: [PATCH 7/8] PAY-7240: Pipeline-Fix --- api/build.gradle | 4 ---- build.gradle | 11 ++++++++++- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/api/build.gradle b/api/build.gradle index 60060d6c6..7fd73a0f4 100644 --- a/api/build.gradle +++ b/api/build.gradle @@ -1,9 +1,5 @@ buildscript { - ext { - springBootVersion = '2.7.18' - } dependencies { - classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}") classpath "net.serenity-bdd:serenity-gradle-plugin:3.2.3" classpath "net.serenity-bdd:serenity-single-page-report:3.2.3" } diff --git a/build.gradle b/build.gradle index 7af91645b..0534ec147 100644 --- a/build.gradle +++ b/build.gradle @@ -1,3 +1,12 @@ +buildscript { + ext { + springBootVersion = '2.7.18' + } + dependencies { + classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}") + } +} + plugins { id 'application' id "org.sonarqube" version "3.0" @@ -5,7 +14,7 @@ plugins { id 'io.spring.dependency-management' version '1.0.15.RELEASE' id 'org.owasp.dependencycheck' version '9.1.0' id "uk.gov.hmcts.java" version '0.12.0' - id "com.gorylenko.gradle-git-properties" version "2.4.2" + id "com.gorylenko.gradle-git-properties" version "2.4.1" id 'jacoco' id 'maven-publish' id 'com.jfrog.bintray' version '1.8.5' 
From 86f5fdb22a001f652034b8dd22e299690ba711a5 Mon Sep 17 00:00:00 2001 From: David Jones Date: Sun, 21 Jul 2024 19:43:40 +0100 Subject: [PATCH 8/8] PAY-7240: Update classpath for http-builder library --- build.gradle | 25 ++++++++++++++++--------- dependency-check-suppressions.xml | 21 --------------------- 2 files changed, 16 insertions(+), 30 deletions(-) diff --git a/build.gradle b/build.gradle index 0534ec147..b78ddee27 100644 --- a/build.gradle +++ b/build.gradle @@ -1,9 +1,9 @@ buildscript { - ext { - springBootVersion = '2.7.18' - } dependencies { - classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}") + classpath('com.jfrog.bintray.gradle:gradle-bintray-plugin:1.8.5') { + exclude(module: 'http-builder') + } + classpath('org.codehaus.groovy.modules.http-builder:http-builder:0.7.1') } } @@ -13,11 +13,10 @@ plugins { id 'org.springframework.boot' version '2.7.18' id 'io.spring.dependency-management' version '1.0.15.RELEASE' id 'org.owasp.dependencycheck' version '9.1.0' - id "uk.gov.hmcts.java" version '0.12.0' + id "uk.gov.hmcts.java" version '0.12.47' id "com.gorylenko.gradle-git-properties" version "2.4.1" id 'jacoco' id 'maven-publish' - id 'com.jfrog.bintray' version '1.8.5' id "au.com.dius.pact" version "4.6.10" } @@ -61,11 +60,19 @@ allprojects { repositories { mavenLocal() mavenCentral() - maven { url "https://repo.maven.apache.org/maven2" } + jcenter() + maven { url 'https://repo.spring.io/libs-milestone' } maven { url "https://jitpack.io" } } apply from: "${rootDir}/cve-resolution-strategy.gradle" + + dependencyManagement { + imports { + mavenBom "org.springframework.boot:spring-boot-dependencies:2.7.18" + mavenBom 'org.apache.logging.log4j:log4j-bom:2.17.1' + } + } } 
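Review bot: The `buildscript` block in patch 8/8 pins `http-builder` 0.7.1 and keeps `gradle-bintray-plugin` 1.8.5 on the build classpath with no comment explaining why, while the same commit removes the dependency-check suppressions added in patch 5/8. If the findings disappeared only because the library moved to the buildscript classpath, they are hidden rather than fixed: as far as I recall, the dependency-check Gradle plugin skips the build environment unless `scanBuildEnv = true` is set, so confirm the scan still covers these jars. The `exclude(module: 'http-builder')` would be tighter with the group included, `exclude(group: 'org.codehaus.groovy.modules.http-builder', module: 'http-builder')`, and a comment such as `// PAY-7240: bintray plugin needs http-builder; pinned to 0.7.1 because <reason>` should record the intent. The `id 'com.jfrog.bintray'` line is dropped from `plugins` in the next hunk, so it is worth checking whether the plugin is still applied anywhere.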
@@ -129,8 +136,8 @@ subprojects { annotationProcessor 'org.projectlombok:lombok:1.18.28' compileOnly group: 'com.google.code.findbugs', name: 'annotations', version: '3.0.1' compileOnly group: 'joda-time', name: 'joda-time', version: '2.9.9' - implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation' - implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator' + implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation', version: '2.7.18' + implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator', version: '2.7.18' implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.7.0' implementation group: 'org.springdoc', name: 'springdoc-openapi-webmvc-core', version: '1.7.0' implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.17.1' diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml index 54da11d5d..11a65d7a9 100644 --- a/dependency-check-suppressions.xml +++ b/dependency-check-suppressions.xml @@ -301,27 +301,6 @@ CVE-2023-6378 - - - - What is going on here. - - CVE-2019-10086 - CVE-2008-5730 - CVE-2008-5742 - CVE-2022-23437 - CVE-2014-0114 - CVE-2022-24839 - CVE-2016-5725 - CVE-2023-4759 - CVE-2008-5727 - CVE-2015-2214 - CVE-2008-5728 - CVE-2015-6420 - CVE-2008-5729 - CVE-2018-2799 - -
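Review bot: Style point on the `@@ -129,8 +136,8 @@` hunk of patch 8/8: the two Spring Boot starters now carry a literal `version: '2.7.18'` although the same commit restores `mavenBom "org.springframework.boot:spring-boot-dependencies:2.7.18"`, which already manages them. The version then lives in the plugin line, the BOM and these two lines, and a later security upgrade that misses one of them leaves mixed Spring Boot versions on the classpath. Either drop the explicit versions again or define one `ext.springBootVersion` and reference it in all three places. The `dependencies` block continues outside the hunk.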