diff --git a/build.gradle b/build.gradle index 31e06b05fe4..2d7a5452a87 100644 --- a/build.gradle +++ b/build.gradle @@ -1,12 +1,12 @@ buildscript { ext { - springBootVersion = '2.6.10' + springBootVersion = '2.7.13' } dependencies { - classpath 'org.jsonschema2pojo:jsonschema2pojo-gradle-plugin:1.1.1' + classpath 'org.jsonschema2pojo:jsonschema2pojo-gradle-plugin:1.2.1' } dependencies { - classpath 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7' + classpath 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.8.0.1969' } dependencies { classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}") @@ -15,19 +15,19 @@ buildscript { plugins { id 'application' - id 'com.github.ben-manes.versions' version '0.20.0' - id 'io.spring.dependency-management' version '1.0.10.RELEASE' - id 'org.sonarqube' version '2.7' + id 'com.github.ben-manes.versions' version '0.47.0' + id 'io.spring.dependency-management' version '1.1.0' + id 'org.sonarqube' version '2.8' id 'jacoco' - id 'com.github.kt3k.coveralls' version '2.8.2' - id 'se.patrikerdes.use-latest-versions' version '0.2.7' + id 'com.github.kt3k.coveralls' version '2.12.2' + id 'se.patrikerdes.use-latest-versions' version '0.2.18' id 'net.ltgt.apt' version '0.21' - id 'com.github.spacialcircumstances.gradle-cucumber-reporting' version '0.1.23' - id "org.jetbrains.gradle.plugin.idea-ext" version "0.7" - id "info.solidsoft.pitest" version '1.4.0' - id "io.freefair.lombok" version "5.3.0" - id 'uk.gov.hmcts.java' version '0.12.40' - id 'au.com.dius.pact' version '4.1.0' + id 'com.github.spacialcircumstances.gradle-cucumber-reporting' version '0.1.25' + id "org.jetbrains.gradle.plugin.idea-ext" version "0.10" + id "info.solidsoft.pitest" version '1.9.11' + id "io.freefair.lombok" version "5.3.3.3" + id 'uk.gov.hmcts.java' version '0.12.43' + id 'au.com.dius.pact' version '4.6.1' } apply plugin: 'java' @@ -46,7 +46,7 @@ apply plugin: 'se.patrikerdes.use-latest-versions' apply from: './gradle/suppress.gradle' def versions = [ - pact_version : '4.1.7', + pact_version : '4.6.1', ] ext['spring-security.version'] = '5.6.9' ext['spring-framework.version'] = '5.3.26' @@ -83,14 +83,14 @@ repositories { // end::repositories[] ext { - junitJupiterVersion = '5.8.2' - junitVintageVersion = '5.8.2' - powermockVersion = '2.0.7' + junitJupiterVersion = '5.9.3' + junitVintageVersion = '5.9.3' + powermockVersion = '2.0.9' reformLogging = '5.1.9' appInsightsVersion = '2.4.1' swagger2Version = '3.0.0' - hibernateVersion = '5.6.10.Final' - hazelcastVersion = '5.2.1' + hibernateVersion = '5.6.15.Final' + hazelcastVersion = '5.3.1' limits = [ 'instruction': 90, 'branch' : 85, @@ -99,7 +99,7 @@ ext { 'method' : 90, 'class' : 98 ] - springCloudVersion = '2021.0.3' + springCloudVersion = '2021.0.8' } group 'uk.gov.hmcts.ccd' @@ -139,17 +139,17 @@ tasks.withType(Test) { } dependencies { - implementation 'com.google.code.gson:gson:2.8.9' - implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.3' - implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '3.1.3' + implementation 'com.google.code.gson:gson:2.10.1' + implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.7' + implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '3.1.8' implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: reformLogging implementation group: 'com.github.hmcts.java-logging', name: 'logging-appinsights', version: reformLogging - implementation 'org.mapstruct:mapstruct-jdk8:1.3.1.Final' - implementation 'org.projectlombok:lombok:1.18.16' - annotationProcessor 'org.mapstruct:mapstruct-processor:1.3.1.Final', 'org.projectlombok:lombok:1.18.16', 'org.projectlombok:lombok-mapstruct-binding:0.2.0' - testAnnotationProcessor 'org.mapstruct:mapstruct-processor:1.3.1.Final', 'org.projectlombok:lombok:1.18.16', 'org.projectlombok:lombok-mapstruct-binding:0.2.0' + implementation 'org.mapstruct:mapstruct-jdk8:1.5.5.Final' + implementation 'org.projectlombok:lombok:1.18.28' + annotationProcessor 'org.mapstruct:mapstruct-processor:1.5.5.Final', 'org.projectlombok:lombok:1.18.28', 'org.projectlombok:lombok-mapstruct-binding:0.2.0' + testAnnotationProcessor 'org.mapstruct:mapstruct-processor:1.5.5.Final', 'org.projectlombok:lombok:1.18.28', 'org.projectlombok:lombok-mapstruct-binding:0.2.0' implementation('org.springframework.boot:spring-boot-starter-actuator') @@ -166,47 +166,47 @@ dependencies { implementation group: 'com.hazelcast', name: 'hazelcast-spring', version: hazelcastVersion implementation group: 'javax.inject', name: 'javax.inject', version: '1' - implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.7' - implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.1' - implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.13' + implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0' + implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.20.0' + implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.14' implementation group: 'io.springfox', name: 'springfox-boot-starter', version: swagger2Version compile "org.flywaydb:flyway-core:6.5.7" - compile group: 'org.yaml', name: 'snakeyaml', version: '1.32' + compile group: 'org.yaml', name: 'snakeyaml', version: '1.33' compile group: 'io.jsonwebtoken', name: 'jjwt', version:'0.9.1' - compile group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: '4.0.3' - compile group: 'com.github.hmcts', name: 'idam-java-client', version: '2.0.1' + compile group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: '4.1.2' + compile group: 'com.github.hmcts', name: 'idam-java-client', version: '2.1.1' compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.70' implementation group: 'org.springframework.security', name: 'spring-security-oauth2-client' - implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-resource-server', version: '2.5.14' + implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-resource-server', version: '2.7.13' implementation group: 'org.springframework.security', name: 'spring-security-oauth2-resource-server' implementation group: 'org.springframework.security', name: 'spring-security-oauth2-core' implementation group: 'org.springframework.security', name: 'spring-security-oauth2-jose' - implementation "io.github.openfeign:feign-httpclient:11.0" + implementation "io.github.openfeign:feign-httpclient:11.10" - implementation group: 'net.minidev', name: 'json-smart', version: '2.4.7' + implementation group: 'net.minidev', name: 'json-smart', version: '2.5.0' - implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.21' + implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.31' implementation group: 'io.vavr', name: 'vavr', version: '0.10.4' testCompile group: 'io.github.openfeign.form', name: 'feign-form', version: '3.8.0' implementation group: 'io.github.openfeign.form', name: 'feign-form-spring', version: '3.8.0' - implementation group: 'com.sun.mail', name: 'mailapi', version: '1.6.1' + implementation group: 'com.sun.mail', name: 'mailapi', version: '1.6.7' implementation group: 'commons-lang', name: 'commons-lang', version: '2.6' - implementation group: 'commons-validator', name: 'commons-validator', version: '1.6' + implementation group: 'commons-validator', name: 'commons-validator', version: '1.7' // CVE-2019-10086 force update of commons-beanutils. implementation group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.4' - implementation group: 'com.jayway.jsonpath', name: 'json-path', version: '2.4.0' + implementation group: 'com.jayway.jsonpath', name: 'json-path', version: '2.8.0' implementation group: 'org.awaitility', name: 'awaitility', version: '3.1.6' // CVE-2021-28170 - implementation "org.glassfish:jakarta.el:4.0.1" + implementation "org.glassfish:jakarta.el:4.0.2" implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5' - implementation group: 'commons-io', name: 'commons-io', version: '2.8.0' + implementation group: 'commons-io', name: 'commons-io', version: '2.13.0' // use the latest org.springframework.security implementation group: 'org.springframework.security', name: 'spring-security-core' @@ -214,15 +214,15 @@ dependencies { implementation group: 'org.springframework.security', name: 'spring-security-web' implementation group: 'org.springframework.security', name: 'spring-security-crypto' - implementation group: 'com.vladmihalcea', name: 'hibernate-types-52', version: '2.9.13' + implementation group: 'com.vladmihalcea', name: 'hibernate-types-52', version: '2.21.1' implementation "org.hibernate:hibernate-core:${hibernateVersion}" - implementation group: 'org.apache.commons', name: 'commons-jexl3', version: '3.1' - implementation group: 'pl.jalokim.propertiestojson', name: 'java-properties-to-json', version: '5.1.3' + implementation group: 'org.apache.commons', name: 'commons-jexl3', version: '3.3' + implementation group: 'pl.jalokim.propertiestojson', name: 'java-properties-to-json', version: '5.3.0' // FIXME 0.6 doesn't support jsonb; 0.7 doesn't work on Windows // runtime group: 'com.impossibl.pgjdbc-ng', name: 'pgjdbc-ng', version: '0.6' - runtimeOnly group: 'org.postgresql', name: 'postgresql', version: '42.5.1' - runtimeOnly group: 'com.zaxxer', name: 'HikariCP', version: '4.0.2' + runtimeOnly group: 'org.postgresql', name: 'postgresql', version: '42.6.0' + runtimeOnly group: 'com.zaxxer', name: 'HikariCP', version: '4.0.3' implementation 'org.springframework.boot:spring-boot-starter-validation' @@ -233,46 +233,46 @@ dependencies { testImplementation('org.springframework.boot:spring-boot-starter-test') testImplementation('org.springframework.cloud:spring-cloud-starter-contract-stub-runner') - testCompile ('com.opentable.components:otj-pg-embedded:0.12.0') - testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.22.0' - testImplementation group: 'org.assertj', name: 'assertj-vavr', version: '0.4.2' - testImplementation("org.testcontainers:postgresql:1.15.2") - testCompile ('com.github.tomakehurst:wiremock-jre8:2.25.1') - testCompile ('org.springframework.cloud:spring-cloud-contract-wiremock:2.2.4.RELEASE') + testCompile ('com.opentable.components:otj-pg-embedded:0.13.4') + testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.24.2' + testImplementation group: 'org.assertj', name: 'assertj-vavr', version: '0.4.3' + testImplementation("org.testcontainers:postgresql:1.18.3") + testCompile ('com.github.tomakehurst:wiremock-jre8:2.35.0') + testCompile ('org.springframework.cloud:spring-cloud-contract-wiremock:2.2.6.RELEASE') // To avoid compiler warnings about @API annotations in JUnit5 code. - testCompileOnly 'org.apiguardian:apiguardian-api:1.0.0' + testCompileOnly 'org.apiguardian:apiguardian-api:1.1.2' testCompile "org.junit.jupiter:junit-jupiter-api:${junitJupiterVersion}" testRuntime "org.junit.jupiter:junit-jupiter-engine:${junitJupiterVersion}" testRuntime "org.junit.vintage:junit-vintage-engine:${junitVintageVersion}" - testRuntime "org.junit.platform:junit-platform-commons:1.8.1" - testCompile group: 'org.mockito', name: 'mockito-core', version: '3.6.0' - testCompile group:'org.mockito', name: 'mockito-junit-jupiter', version:'3.6.0' + testRuntime "org.junit.platform:junit-platform-commons:1.9.3" + testCompile group: 'org.mockito', name: 'mockito-core', version: '3.12.4' + testCompile group:'org.mockito', name: 'mockito-junit-jupiter', version:'3.12.4' testCompile group: 'org.powermock', name: 'powermock-api-mockito2', version: powermockVersion testCompile group: 'org.powermock', name: 'powermock-module-junit4', version: powermockVersion - testCompile group: 'io.rest-assured', name: 'rest-assured', version: '4.3.0' - testCompile group: 'com.xebialabs.restito', name: 'restito', version: '0.9.3' + testCompile group: 'io.rest-assured', name: 'rest-assured', version: '4.5.1' + testCompile group: 'com.xebialabs.restito', name: 'restito', version: '0.9.5' testCompile 'io.github.openfeign:feign-jackson:9.7.0' - testCompile 'pl.allegro.tech:embedded-elasticsearch:2.7.0' + testCompile 'pl.allegro.tech:embedded-elasticsearch:2.10.0' testCompile 'com.github.hmcts:fortify-client:1.3.0:all' testImplementation group: 'commons-lang', name: 'commons-lang', version: '2.6' // for sonar analysis testCompile group: 'org.openid4java', name: 'openid4java', version: '1.0.0' // remove me once insights is in - implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.10' - implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.2.10' + implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.4.8' + implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.4.8' //excluding log4j-core which causes a vulnerability issue implementation(group: 'io.searchbox', name: 'jest', version: '6.3.1') { exclude group: 'org.apache.logging.log4j', module: 'log4j-core' } - implementation(group: 'org.elasticsearch', name: 'elasticsearch', version: '7.16.2') { + implementation(group: 'org.elasticsearch', name: 'elasticsearch', version: '7.17.11') { exclude group: 'org.apache.logging.log4j', module: 'log4j-api' } - implementation 'org.jooq:jool-java-8:0.9.14' - implementation 'com.github.hmcts:ccd-case-document-am-client:1.7.1' + implementation 'org.jooq:jool-java-8:0.9.15' + implementation 'com.github.hmcts:ccd-case-document-am-client:1.59' - testCompile group: 'com.github.hmcts', name: 'ccd-test-definitions', version: '7.19.11' + testCompile group: 'com.github.hmcts', name: 'ccd-test-definitions', version: '7.19.12' testCompile group: 'com.github.hmcts', name: 'befta-fw', version: '8.7.11' @@ -286,9 +286,9 @@ dependencies { contractTestCompile group: 'org.springframework.security', name: 'spring-security-oauth2-resource-server' contractTestCompile group: 'org.springframework.security', name: 'spring-security-oauth2-core' contractTestCompile group: 'org.springframework.security', name: 'spring-security-oauth2-jose' - contractTestCompile group: 'com.microsoft.azure', name: 'applicationinsights-core', version: '2.6.1' + contractTestCompile group: 'com.microsoft.azure', name: 'applicationinsights-core', version: '2.6.4' contractTestCompile group: 'javax.inject', name: 'javax.inject', version: '1' - contractTestCompile group: 'com.github.hmcts', name: 'idam-java-client', version: '2.0.1' + contractTestCompile group: 'com.github.hmcts', name: 'idam-java-client', version: '2.1.1' contractTestCompile group: 'com.hazelcast', name: 'hazelcast', version: hazelcastVersion contractTestCompile group: 'com.hazelcast', name: 'hazelcast-spring', version: hazelcastVersion contractTestCompile('org.springframework.boot:spring-boot-starter-hateoas') @@ -299,11 +299,11 @@ dependencies { exclude group: 'org.apache.tomcat', module: 'tomcat-jdbc' } contractTestCompile("org.springframework.boot:spring-boot-starter-data-jpa") - contractTestCompile group: 'org.apache.commons', name: 'commons-jexl3', version: '3.1' - contractTestCompile(group: 'org.elasticsearch', name: 'elasticsearch', version: '7.16.2') { + contractTestCompile group: 'org.apache.commons', name: 'commons-jexl3', version: '3.3' + contractTestCompile(group: 'org.elasticsearch', name: 'elasticsearch', version: '7.17.11') { exclude group: 'org.apache.logging.log4j', module: 'log4j-api' } - contractTestCompile 'com.github.hmcts:ccd-case-document-am-client:1.7.1' + contractTestCompile 'com.github.hmcts:ccd-case-document-am-client:1.59' aatCompile group: 'commons-lang', name: 'commons-lang', version: '2.6' } @@ -316,9 +316,9 @@ dependencyManagement { dependencies { // Versions prior to 30.0 vulnerable to CVE-2020-8908 - dependency 'com.google.guava:guava:30.1-jre' + dependency 'com.google.guava:guava:30.1.1-jre' - dependencySet(group: 'org.apache.tomcat.embed', version: '9.0.73') { + dependencySet(group: 'org.apache.tomcat.embed', version: '9.0.78') { entry 'tomcat-embed-core' entry 'tomcat-embed-el' entry 'tomcat-embed-websocket' @@ -329,14 +329,14 @@ dependencyManagement { } // Required for Embedded ES with Java 11 - dependency 'org.rauschig:jarchivelib:1.0.0' + dependency 'org.rauschig:jarchivelib:1.2.0' // Remove once BEFTA rest-assured is updated - dependencySet(group: 'io.rest-assured', version: '4.3.0') { + dependencySet(group: 'io.rest-assured', version: '4.5.1') { entry 'json-path' entry 'xml-path' } - dependencySet(group: 'org.codehaus.groovy', version: '3.0.2') { + dependencySet(group: 'org.codehaus.groovy', version: '3.0.18') { entry 'groovy' entry 'groovy-xml' entry 'groovy-json' diff --git a/charts/ccd-data-store-api/Chart.yaml b/charts/ccd-data-store-api/Chart.yaml index 453ecfd3a30..9a96b1ede22 100644 --- a/charts/ccd-data-store-api/Chart.yaml +++ b/charts/ccd-data-store-api/Chart.yaml @@ -2,13 +2,13 @@ description: Helm chart for the HMCTS CCD Data Store name: ccd-data-store-api apiVersion: v2 home: https://github.com/hmcts/ccd-data-store-api -version: 2.0.23 +version: 2.0.24 maintainers: - name: HMCTS CCD Dev Team email: ccd-devops@HMCTS.NET dependencies: - name: java - version: 4.0.13 + version: 4.1.5 repository: 'https://hmctspublic.azurecr.io/helm/v1/repo/' - name: elasticsearch version: 7.17.3 diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 41d9927a4d4..e708b1c023e 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 442d9132ea3..53b9e3802be 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.4-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/infrastructure/.terraform-version b/infrastructure/.terraform-version index d4c4950a37c..8af85beb515 100644 --- a/infrastructure/.terraform-version +++ b/infrastructure/.terraform-version @@ -1 +1 @@ -1.3.9 +1.5.3