CIV-4458 bulk claim fee (#94)

* Update README.md * CVE updates * CVE updates * CVE updates CVE-2023-6378 CVE-2023-34055 CVE-2023-34053 CVE-2023-46589 * Chart.yaml * Bumping chart version/ fixing aliases * point at civil * Update CVE-2023-33202 * Update CVE-2023-6481 --------- Co-authored-by: hmcts-jenkins-a-to-c <62422075+hmcts-jenkins-a-to-c[bot]@users.noreply.github.com>
hmcts · Jan 24, 2024 · 0a8ee0d · 0a8ee0d
1 parent 6d814bf
commit 0a8ee0d
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 17 deletions.
diff --git a/build.gradle b/build.gradle
@@ -6,7 +6,7 @@ plugins {
   id 'checkstyle'
   id 'jacoco'
   id 'io.spring.dependency-management' version '1.1.2'
-  id 'org.springframework.boot' version '3.1.4'
+  id 'org.springframework.boot' version '3.2.0'
   id 'org.owasp.dependencycheck' version '9.0.4'
   id 'com.github.ben-manes.versions' version '0.47.0'
   id 'org.sonarqube' version '4.4.0.3356'
@@ -230,7 +230,7 @@ dependencies {
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-aop'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-json'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation'
-  implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.1.0'
+  implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.2.0'
 
   implementation 'javax.ws.rs:jsr311-api:1.1.1'
   implementation group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1'
@@ -259,9 +259,9 @@ dependencies {
   testAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
   testCompileOnly group: 'org.projectlombok', name: 'lombok', version: lombokVersion
 
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-hystrix', version: '2.2.10.RELEASE'
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '4.0.3'
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-openfeign-core', version: '4.0.3'
+  implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.14.0'
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '4.1.0'
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-openfeign-core', version: '4.1.0'
 
   implementation group: 'com.github.hmcts', name: 'ccd-client', version: '4.9.2'
   implementation group: 'com.github.hmcts', name: 'idam-java-client', version: '3.0.1'
@@ -280,11 +280,16 @@ dependencies {
 dependencyManagement {
   dependencies {
 // Fix CVE-2023-42795, CVE-2023-45648
-    dependencySet(group: 'org.apache.tomcat.embed', version: '10.1.15') {
+    dependencySet(group: 'org.apache.tomcat.embed', version: '10.1.16') {
       entry 'tomcat-embed-core'
       entry 'tomcat-embed-el'
       entry 'tomcat-embed-websocket'
     }
+    // CVE-2023-6378
+    dependencySet(group: 'ch.qos.logback', version: '1.4.14') {
+      entry 'logback-core'
+      entry 'logback-classic'
+    }
   }
 }
 

diff --git a/charts/civil-orchestrator-service/Chart.yaml b/charts/civil-orchestrator-service/Chart.yaml
@@ -3,15 +3,15 @@ appVersion: "1.0"
 description: A Helm chart for civil-orchestrator-service App
 name: civil-orchestrator-service
 home: https://github.com/hmcts/civil-orchestrator-service
-version: 0.0.17
+version: 0.0.18
 maintainers:
   - name: HMCTS civil team
 dependencies:
   - name: java
     version: 5.0.0
     repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
   - name: civil-service
-    version: 0.0.48
+    version: 0.0.58
     repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
     condition: civil-service.enabled
   - name: ccd
@@ -27,6 +27,6 @@ dependencies:
     repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
     condition: idam-pr.enabled
   - name: camunda-bpm
-    version: 0.0.39
+    version: 0.0.44
     repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/'
     condition: camunda-bpm.enabled
diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
@@ -20,12 +20,5 @@
     <cve>CVE-2023-41080</cve>
     <cve>CVE-2023-5072</cve>
   </suppress>
-  <suppress until="2024-01-14">
-    <cve>CVE-2023-33202</cve>
-    <cve>CVE-2023-34053</cve>
-    <cve>CVE-2023-34055</cve>
-    <cve>CVE-2023-46589</cve>
-    <cve>CVE-2023-6378</cve>
-  </suppress>
   <!--End of temporary suppression section -->
 </suppressions>
diff --git a/src/main/java/uk/gov/hmcts/reform/civil/model/casedata/Party.java b/src/main/java/uk/gov/hmcts/reform/civil/model/casedata/Party.java
@@ -5,7 +5,7 @@
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 
 @Data
 @Builder(toBuilder = true)