feat: update Java dependemcies

matihost · Dec 22, 2024 · 251d732 · 251d732
1 parent 8492ffa
commit 251d732
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 8 deletions.
diff --git a/java/pom.xml b/java/pom.xml
@@ -45,7 +45,7 @@
     <maven.test.skip>false</maven.test.skip>
 
     <!-- Spring Boot -->
-    <spring.boot.version>3.3.5</spring.boot.version>
+    <spring.boot.version>3.4.1</spring.boot.version>
 
     <encoding>UTF-8</encoding>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -61,15 +61,15 @@
 
     <!-- Scala 3-->
     <scala.compat.version>3</scala.compat.version>
-    <scala.version>${scala.compat.version}.6.1</scala.version>
+    <scala.version>${scala.compat.version}.6.2</scala.version>
     <scala.spec2.version>5.5.8</scala.spec2.version>
     <scala.test.version>3.2.19</scala.test.version>
     <scala.test.plus.version>3.2.19.0</scala.test.plus.version>
     <!-- Scala 3 still depends on Scala 2 for backward compatibility -->
     <scala2.version>2.13.15</scala2.version>
 
     <!-- IBM MQ client -->
-    <mq.version>9.4.1.0</mq.version>
+    <mq.version>9.4.1.1</mq.version>
   </properties>
 
   <profiles>
@@ -375,12 +375,14 @@
             </execution>
           </executions>
           <configuration>
-          <excludeVulnerabilityIds>
+            <excludeVulnerabilityIds>
               <!--
-                org.xmlunit:xmlunit-core:jar:2.9.1:test; https://ossindex.sonatype.org/component/pkg:maven/org.xmlunit/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
-                * [CVE-2024-31573] CWE-1188 (9.2); https://ossindex.sonatype.org/vulnerability/CVE-2024-31573?component-type=maven&component-name=org.xmlunit%2Fxmlunit-core&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+                ch.qos.logback:logback-core:jar:1.5.12:compile; https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+                * [CVE-2024-12798] CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') (5.9); https://ossindex.sonatype.org/vulnerability/CVE-2024-12798?component-type=maven&component-name=ch.qos.logback%2Flogback-core&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+                * [CVE-2024-12801] CWE-918: Server-Side Request Forgery (SSRF) (2.4); https://ossindex.sonatype.org/vulnerability/CVE-2024-12801?component-type=maven&component-name=ch.qos.logback%2Flogback-core&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
               -->
-              <exclude>CVE-2024-31573</exclude>
+              <exclude>CVE-2024-12798</exclude>
+              <exclude>CVE-2024-12801</exclude>
             </excludeVulnerabilityIds>
             <reportFile>${project.build.directory}/audit-report.json</reportFile>
           </configuration>

diff --git a/terraform/gcp/keycloak/module/keycloak/api.tf b/terraform/gcp/keycloak/module/keycloak/api.tf
@@ -1,5 +1,5 @@
 locals {
-  required-apis = ["run", "sql-component", "binaryauthorization", "sqladmin"]
+  required-apis = ["run", "sql-component", "binaryauthorization", "sqladmin", "secretmanager"]
 }
 
 resource "google_project_service" "required" {