PUB-2618 - Updated dependencies (#470)

* PUB-2618 - Updated dependencies

* PUB-2618 - Updated suppressions

* PUB-2618 - Updated data models

build.gradle

@@ -4,11 +4,11 @@ plugins {
   id 'pmd'
   id 'jacoco'
   id 'io.spring.dependency-management' version '1.1.6'
-  id 'org.springframework.boot' version '3.3.2'
-  id 'org.owasp.dependencycheck' version '10.0.0'
+  id 'org.springframework.boot' version '3.3.3'
+  id 'org.owasp.dependencycheck' version '10.0.3'
   id 'com.github.ben-manes.versions' version '0.51.0'
   id 'org.sonarqube' version '5.1.0.4882'
-  id 'io.freefair.lombok' version '8.6'
+  id 'io.freefair.lombok' version '8.10.2'
 }
 
 apply plugin: 'org.owasp.dependencycheck'
@@ -108,12 +108,12 @@ task smoke(type: Test) {
 
 checkstyle {
   maxWarnings = 0
-  toolVersion = '10.17.0'
+  toolVersion = '10.18.2'
   getConfigDirectory().set(new File(rootDir, 'config/checkstyle'))
 }
 
 pmd {
-  toolVersion = "7.4.0"
+  toolVersion = "7.6.0"
   sourceSets = [sourceSets.main, sourceSets.test, sourceSets.integrationTest, sourceSets.functionalTest, sourceSets.smokeTest]
   reportsDir = file("$project.buildDir/reports/pmd")
   ruleSetFiles = files("config/pmd/ruleset.xml")
@@ -161,8 +161,8 @@ repositories {
 }
 
 ext {
-  log4JVersion = '2.23.1'
-  reformLogging = '6.1.5'
+  log4JVersion = '2.24.1'
+  reformLogging = '6.1.6'
 }
 
 
@@ -175,7 +175,7 @@ dependencies {
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-resource-server'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-client'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-webflux'
-  implementation group: 'com.azure.spring', name: 'spring-cloud-azure-starter-active-directory', version: '5.15.0'
+  implementation group: 'com.azure.spring', name: 'spring-cloud-azure-starter-active-directory', version: '5.16.0'
   implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.6.0'
   implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: reformLogging
   implementation group: 'com.github.hmcts.java-logging', name: 'logging-appinsights', version: reformLogging
@@ -186,20 +186,20 @@ dependencies {
   implementation group: 'net.logstash.logback', name: 'logstash-logback-encoder', version: '8.0'
 
   implementation group: 'uk.gov.service.notify', name: 'notifications-java-client', version: '5.2.0-RELEASE'
-  implementation group: 'com.github.hmcts', name: 'pip-data-models', version: '2.1.30', {
+  implementation group: 'com.github.hmcts', name: 'pip-data-models', version: '2.1.31', {
     exclude group: 'org.springframework.boot', module: 'spring-boot-starter-data-jpa'
   }
 
   implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.23.1'
   implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: '2.23.1'
   implementation group: 'com.opencsv', name: 'opencsv', version: '5.9'
   implementation group: 'org.apache.poi', name: 'poi-ooxml', version: '5.3.0'
-  implementation group: 'org.redisson', name: 'redisson', version: '3.34.1'
+  implementation group: 'org.redisson', name: 'redisson', version: '3.37.0'
   implementation group: 'com.giffing.bucket4j.spring.boot.starter', name: 'bucket4j-spring-boot-starter', version: '0.12.7'
 
   testImplementation group: 'org.springframework.security', name: 'spring-security-test'
 
-  testImplementation(platform('org.junit:junit-bom:5.10.3'))
+  testImplementation(platform('org.junit:junit-bom:5.11.2'))
   testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine'
 
   testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test', {
@@ -209,12 +209,11 @@ dependencies {
   testImplementation group: 'com.squareup.okhttp3', name: 'mockwebserver', version: '4.12.0'
   testImplementation group: 'com.squareup.okhttp3', name: 'okhttp', version: '4.12.0'
   testImplementation group: 'com.squareup.okhttp3', name: 'okhttp-tls', version: '4.12.0'
-  testImplementation group: 'org.apache.pdfbox', name: 'pdfbox', version: '3.0.2'
+  testImplementation group: 'org.apache.pdfbox', name: 'pdfbox', version: '3.0.3'
   testImplementation group: 'com.redis', name: 'testcontainers-redis', version: '2.2.2'
   testImplementation group: 'org.testcontainers', name: 'junit-jupiter'
   testImplementation group: 'io.github.hakky54', name: 'logcaptor', version: '2.9.3'
-  testImplementation group: 'com.github.hmcts', name: 'fortify-client', version: '1.4.3', classifier: 'all'
-
+  testImplementation group: 'com.github.hmcts', name: 'fortify-client', version: '1.4.4', classifier: 'all'
   functionalTestImplementation group: 'io.rest-assured', name: 'rest-assured'
 }
 

config/owasp/suppressions.xml

@@ -5,11 +5,6 @@
     <packageUrl regex="true">^pkg:maven/com\.azure\.spring/spring\-cloud\-azure\-starter\-active\-directory@.*$</packageUrl>
     <cve>CVE-2021-42306</cve>
   </suppress>
-  <suppress>
-    <notes>The vulnerability exists in the latest version of lib too. Need to wait for new version with the fix</notes>
-    <packageUrl regex="true">^pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.4</packageUrl>
-    <cve>CVE-2023-35116</cve>
-  </suppress>
   <suppress>
     <notes><![CDATA[file name: azure-identity-1.11.4.jar]]></notes>
     <packageUrl regex="true">^pkg:maven/com\.azure/azure\-identity@.*$</packageUrl>
@@ -20,12 +15,6 @@
     <packageUrl regex="true">^pkg:maven/com\.azure/azure.*$</packageUrl>
     <cve>CVE-2023-36052</cve>
   </suppress>
-  <suppress>
-    <notes>Vulnerability in commons-compress. Already on latest version of parent</notes>
-    <packageUrl regex="true">^pkg:maven/org.apache.commons/commons-compress@1.25.0</packageUrl>
-    <cve>CVE-2024-25710</cve>
-    <cve>CVE-2024-26308</cve>
-  </suppress>
   <suppress>
     <notes>This vulnerability exists across azure identity and microsoft authentication libraries </notes>
     <cve>CVE-2024-35255</cve>

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-all.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum

gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################

infrastructure/.terraform-version

@@ -1 +1 @@
-1.9.4
+1.9.7

infrastructure/providers.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.114.0"
+      version = "4.3.0"
     }
   }
 }