Merge pull request #28 from catenax-ng/main

Update DEPENDENCIES file and pom to fix vulnerability
eclipse-tractusx · Jul 25, 2023 · 46c83b0 · 46c83b0
2 parents 5f15a2d + 2784aef
commit 46c83b0
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 72 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,31 +17,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 - Mapped between API and new Data Model for getting Suppliers and Customers.
-- Updated libraries:
-  - com.github.tomakehurst:wiremock-standalone to 3.0.0-beta-10
-  - io.hypersistence:hypersistence-utils-hibernate-60 to 3.5.1
-  - org.hibernate:hibernate-core to 6.2.6.Final
-  - org.liquibase:liquibase-core to 4.23.0
-  - org.mapstruct:mapstruct to 1.5.5.Final
-  - org.openapitools:jackson-databind-nullable to 0.2.6
-  - org.owasp.esapi:esapi to 2.5.2.0
-  - org.postgresql:postgresql to 42.6.0
-  - org.projectlombok:lombok to 1.18.28
-  - org.springdoc:springdoc-openapi-starter-webmvc-ui to 2.1.0
-  - org.springframework.boot:spring-boot-starter-actuator to 3.1.1
-  - org.springframework.boot:spring-boot-starter-cache to 3.1.1
-  - org.springframework.boot:spring-boot-starter-data-jpa to 3.1.1
-  - org.springframework.boot:spring-boot-starter-oauth2-resource-server to 3.1.1
-  - org.springframework.boot:spring-boot-starter-test to 3.1.1
-  - org.springframework.boot:spring-boot-starter-validation to 3.1.1
-  - org.springframework.boot:spring-boot-starter-web to 3.1.1
-  - org.springframework.cloud:spring-cloud-starter-bootstrap to 4.0.3
+- Major Updated libraries:
+  - Updated spring boot parent version to 3.1.2
+  - org.springframework.boot:spring-boot-starter-web to 3.1.2
   - org.springframework.security:spring-security-web to 6.1.1
-  - org.testcontainers:junit-jupiter to 1.18.3
-  - org.testcontainers:postgresql to 1.18.3
-  - org.zalando:problem-spring-web to 0.26.0
 - Changed Dependencies file with new library versions.
 
+
 ### Fixes
 - Upgraded version of spring-boot-autoconfigure to fix vulnerability to 3.1.1.
 - Upgraded lib on object mapper after org.zalando:problem-spring-web update.

diff --git a/DEPENDENCIES b/DEPENDENCIES
@@ -26,9 +26,9 @@ maven/mavencentral/commons-lang/commons-lang/2.6, Apache-2.0, approved, CQ6183
 maven/mavencentral/commons-logging/commons-logging/1.2, Apache-2.0, approved, CQ10162
 maven/mavencentral/io.hypersistence/hypersistence-tsid/2.0.0, MIT, approved, clearlydefined
 maven/mavencentral/io.hypersistence/hypersistence-utils-hibernate-60/3.5.1, Apache-2.0, approved, #9651
-maven/mavencentral/io.micrometer/micrometer-commons/1.11.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9243
-maven/mavencentral/io.micrometer/micrometer-core/1.11.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9238
-maven/mavencentral/io.micrometer/micrometer-observation/1.11.1, Apache-2.0, approved, #9242
+maven/mavencentral/io.micrometer/micrometer-commons/1.11.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9243
+maven/mavencentral/io.micrometer/micrometer-core/1.11.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9238
+maven/mavencentral/io.micrometer/micrometer-observation/1.11.2, Apache-2.0, approved, #9242
 maven/mavencentral/io.netty/netty-buffer/4.1.94.Final, Apache-2.0, approved, CQ21842
 maven/mavencentral/io.netty/netty-codec-dns/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-codec-http/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
@@ -46,9 +46,9 @@ maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.94.Final, Apache-2
 maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-transport/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
-maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.1.8, Apache-2.0, approved, #5946
-maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.1.8, Apache-2.0, approved, #6999
-maven/mavencentral/io.projectreactor/reactor-core/3.5.7, Apache-2.0, approved, #5934
+maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.1.9, Apache-2.0, approved, #5946
+maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.1.9, Apache-2.0, approved, #6999
+maven/mavencentral/io.projectreactor/reactor-core/3.5.8, Apache-2.0, approved, #5934
 maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.9, Apache-2.0, approved, #5947
 maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.9, Apache-2.0, approved, #5929
 maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.9, Apache-2.0, approved, #5919
@@ -73,9 +73,9 @@ maven/mavencentral/org.apache.httpcomponents.core5/httpcore5-h2/5.2.2, Apache-2.
 maven/mavencentral/org.apache.httpcomponents.core5/httpcore5/5.2.2, Apache-2.0, approved, #9652
 maven/mavencentral/org.apache.logging.log4j/log4j-api/2.20.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.20.0, Apache-2.0, approved, #8799
-maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.10, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949
-maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.10, Apache-2.0, approved, #6997
-maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.10, Apache-2.0, approved, #7920
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.11, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.11, Apache-2.0, approved, #6997
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.11, Apache-2.0, approved, #7920
 maven/mavencentral/org.apache.xmlgraphics/batik-constants/1.16, Apache-2.0, approved, #4276
 maven/mavencentral/org.apache.xmlgraphics/batik-css/1.16, Apache-2.0, approved, #4289
 maven/mavencentral/org.apache.xmlgraphics/batik-i18n/1.16, Apache-2.0, approved, #4282
@@ -88,9 +88,9 @@ maven/mavencentral/org.bouncycastle/bcpkix-jdk15on/1.69, MIT, approved, clearlyd
 maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.69, MIT, approved, clearlydefined
 maven/mavencentral/org.bouncycastle/bcutil-jdk15on/1.69, MIT, approved, clearlydefined
 maven/mavencentral/org.hibernate.orm/hibernate-core/6.2.6.Final, LGPL-2.1-only AND Apache-2.0 AND MIT AND CC-PDDC AND (EPL-2.0 OR BSD-3-Clause), approved, #9121
-maven/mavencentral/org.hibernate.validator/hibernate-validator/8.0.0.Final, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.hibernate.validator/hibernate-validator/8.0.1.Final, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.htmlunit/neko-htmlunit/3.1.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.jboss.logging/jboss-logging/3.5.1.Final, Apache-2.0, approved, #9471
+maven/mavencentral/org.jboss.logging/jboss-logging/3.5.3.Final, Apache-2.0, approved, #9471
 maven/mavencentral/org.liquibase/liquibase-core/4.23.0, Apache-2.0, approved, #9650
 maven/mavencentral/org.mapstruct/mapstruct/1.5.5.Final, Apache-2.0, approved, #6277
 maven/mavencentral/org.openapitools/jackson-databind-nullable/0.2.6, Apache-2.0, approved, #3294
@@ -105,55 +105,55 @@ maven/mavencentral/org.slf4j/slf4j-api/2.0.7, MIT, approved, #5915
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.1.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.1.1, Apache-2.0, approved, #9348
-maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.1.1, Apache-2.0, approved, #9342
-maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.1, Apache-2.0, approved, #9341
-maven/mavencentral/org.springframework.boot/spring-boot-starter-actuator/3.1.1, Apache-2.0, approved, #9344
-maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.1.1, Apache-2.0, approved, #9338
-maven/mavencentral/org.springframework.boot/spring-boot-starter-cache/3.1.1, Apache-2.0, approved, #9653
-maven/mavencentral/org.springframework.boot/spring-boot-starter-data-jpa/3.1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.1.1, Apache-2.0, approved, #9336
-maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.1.1, Apache-2.0, approved, #9343
+maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.1.2, Apache-2.0, approved, #9348
+maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.1.2, Apache-2.0, approved, #9342
+maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.2, Apache-2.0, approved, #9341
+maven/mavencentral/org.springframework.boot/spring-boot-starter-actuator/3.1.2, Apache-2.0, approved, #9344
+maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.1.2, Apache-2.0, approved, #9338
+maven/mavencentral/org.springframework.boot/spring-boot-starter-cache/3.1.2, Apache-2.0, approved, #9653
+maven/mavencentral/org.springframework.boot/spring-boot-starter-data-jpa/3.1.2, Apache-2.0, approved, #9733
+maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.1.2, Apache-2.0, approved, #9737
+maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.1.2, Apache-2.0, approved, #9336
+maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.1.2, Apache-2.0, approved, #9343
 maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-client/3.1.1, Apache-2.0, approved, #8806
 maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-resource-server/3.1.1, Apache-2.0, approved, #8804
-maven/mavencentral/org.springframework.boot/spring-boot-starter-reactor-netty/3.1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.1.1, Apache-2.0, approved, #9351
-maven/mavencentral/org.springframework.boot/spring-boot-starter-validation/3.1.1, Apache-2.0, approved, #9335
-maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.1.1, Apache-2.0, approved, #9347
-maven/mavencentral/org.springframework.boot/spring-boot-starter-webflux/3.1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.boot/spring-boot-starter/3.1.1, Apache-2.0, approved, #9349
-maven/mavencentral/org.springframework.boot/spring-boot/3.1.1, Apache-2.0, approved, #9352
+maven/mavencentral/org.springframework.boot/spring-boot-starter-reactor-netty/3.1.2, Apache-2.0, approved, #9738
+maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.1.2, Apache-2.0, approved, #9351
+maven/mavencentral/org.springframework.boot/spring-boot-starter-validation/3.1.2, Apache-2.0, approved, #9335
+maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.1.2, Apache-2.0, approved, #9347
+maven/mavencentral/org.springframework.boot/spring-boot-starter-webflux/3.1.2, Apache-2.0, approved, #9739
+maven/mavencentral/org.springframework.boot/spring-boot-starter/3.1.2, Apache-2.0, approved, #9349
+maven/mavencentral/org.springframework.boot/spring-boot/3.1.2, Apache-2.0, approved, #9352
 maven/mavencentral/org.springframework.cloud/spring-cloud-commons/4.0.3, Apache-2.0, approved, #7292
 maven/mavencentral/org.springframework.cloud/spring-cloud-context/4.0.3, Apache-2.0, approved, #7306
 maven/mavencentral/org.springframework.cloud/spring-cloud-starter-bootstrap/4.0.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.cloud/spring-cloud-starter/4.0.3, Apache-2.0, approved, #7299
-maven/mavencentral/org.springframework.data/spring-data-commons/3.1.1, Apache-2.0, approved, #8805
-maven/mavencentral/org.springframework.data/spring-data-jpa/3.1.1, Apache-2.0, approved, #9120
+maven/mavencentral/org.springframework.data/spring-data-commons/3.1.2, Apache-2.0, approved, #8805
+maven/mavencentral/org.springframework.data/spring-data-jpa/3.1.2, Apache-2.0, approved, #9120
 maven/mavencentral/org.springframework.security.oauth/spring-security-oauth2/2.5.2.RELEASE, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.security/spring-security-config/6.1.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-config/6.1.2, Apache-2.0, approved, #9736
 maven/mavencentral/org.springframework.security/spring-security-core/6.1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.security/spring-security-oauth2-client/6.1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.1.1, Apache-2.0, approved, #9345
-maven/mavencentral/org.springframework.security/spring-security-oauth2-resource-server/6.1.1, Apache-2.0, approved, #8798
+maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.2, Apache-2.0 AND ISC, approved, #9735
+maven/mavencentral/org.springframework.security/spring-security-oauth2-client/6.1.2, Apache-2.0, approved, #9740
+maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.1.2, Apache-2.0, approved, #9741
+maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.1.2, Apache-2.0, approved, #9345
+maven/mavencentral/org.springframework.security/spring-security-oauth2-resource-server/6.1.2, Apache-2.0, approved, #8798
 maven/mavencentral/org.springframework.security/spring-security-rsa/1.0.11.RELEASE, Apache-2.0, approved, CQ20647
 maven/mavencentral/org.springframework.security/spring-security-web/6.1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework/spring-aop/6.0.10, Apache-2.0, approved, #5940
-maven/mavencentral/org.springframework/spring-aspects/6.0.10, Apache-2.0, approved, #5930
-maven/mavencentral/org.springframework/spring-beans/6.0.10, Apache-2.0, approved, #5937
-maven/mavencentral/org.springframework/spring-context-support/6.0.10, Apache-2.0, approved, #6960
-maven/mavencentral/org.springframework/spring-context/6.0.10, Apache-2.0, approved, #5936
+maven/mavencentral/org.springframework/spring-aop/6.0.11, Apache-2.0, approved, #5940
+maven/mavencentral/org.springframework/spring-aspects/6.0.11, Apache-2.0, approved, #5930
+maven/mavencentral/org.springframework/spring-beans/6.0.11, Apache-2.0, approved, #5937
+maven/mavencentral/org.springframework/spring-context-support/6.0.11, Apache-2.0, approved, #6960
+maven/mavencentral/org.springframework/spring-context/6.0.11, Apache-2.0, approved, #5936
 maven/mavencentral/org.springframework/spring-core/6.0.8, Apache-2.0 AND BSD-3-Clause, approved, #5948
 maven/mavencentral/org.springframework/spring-expression/6.0.8, Apache-2.0, approved, #3284
-maven/mavencentral/org.springframework/spring-jcl/6.0.10, Apache-2.0, approved, #3283
-maven/mavencentral/org.springframework/spring-jdbc/6.0.10, Apache-2.0, approved, #5924
-maven/mavencentral/org.springframework/spring-orm/6.0.10, Apache-2.0, approved, #5925
-maven/mavencentral/org.springframework/spring-tx/6.0.10, Apache-2.0, approved, #5926
-maven/mavencentral/org.springframework/spring-web/6.0.10, Apache-2.0, approved, #5942
-maven/mavencentral/org.springframework/spring-webflux/6.0.10, Apache-2.0, approved, #6964
-maven/mavencentral/org.springframework/spring-webmvc/6.0.10, Apache-2.0, approved, #5944
+maven/mavencentral/org.springframework/spring-jcl/6.0.11, Apache-2.0, approved, #3283
+maven/mavencentral/org.springframework/spring-jdbc/6.0.11, Apache-2.0, approved, #5924
+maven/mavencentral/org.springframework/spring-orm/6.0.11, Apache-2.0, approved, #5925
+maven/mavencentral/org.springframework/spring-tx/6.0.11, Apache-2.0, approved, #5926
+maven/mavencentral/org.springframework/spring-web/6.0.11, Apache-2.0, approved, #5942
+maven/mavencentral/org.springframework/spring-webflux/6.0.11, Apache-2.0, approved, #6964
+maven/mavencentral/org.springframework/spring-webmvc/6.0.11, Apache-2.0, approved, #5944
 maven/mavencentral/org.webjars/swagger-ui/4.18.2, Apache-2.0, approved, #7850
 maven/mavencentral/org.yaml/snakeyaml/2.0, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #7275
 maven/mavencentral/org.zalando/faux-pas/0.8.0, MIT, approved, clearlydefined

diff --git a/pom.xml b/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.1.1</version>
+        <version>3.1.2</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>org.eclipse.tractusx</groupId>
@@ -38,7 +38,7 @@
         <org.projectlombok.version>1.18.28</org.projectlombok.version>
         <liquibase.version>4.23.0</liquibase.version>
         <liquibase-hibernate5.version>4.22.0</liquibase-hibernate5.version>
-        <spring-boot.version>3.1.1</spring-boot.version>
+        <spring-boot.version>3.1.2</spring-boot.version>
         <org.zalando.problem-spring-web>0.26.0</org.zalando.problem-spring-web>
         <org.springdoc.springdoc-openapi-ui>2.1.0</org.springdoc.springdoc-openapi-ui>
         <org.springframework.cloud>4.0.3</org.springframework.cloud>