Version Upgrade to Spring Boot 3.1.7, JDK 21, Gradle 8.5, Postgres 15 etc. #5

Merged
hsh-michaelhoennig merged 28 commits from version-upgrade-spring-boot-3-2-1-etc into master 2024-01-05 13:40:50 +01:00
3 changed files with 37 additions and 2 deletions
Showing only changes of commit 4c44f42b79 - Show all commits


@ -50,8 +50,6 @@ ext {
set('testcontainersVersion', "1.17.3") set('testcontainersVersion', "1.17.3")
} }
// wrapper
dependencies { dependencies {
implementation 'org.springframework.boot:spring-boot-starter-data-jpa' implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-data-rest' implementation 'org.springframework.boot:spring-boot-starter-data-rest'
@ -71,6 +69,17 @@ dependencies {
implementation 'org.iban4j:iban4j:3.2.7-RELEASE' implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0' implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0'
// fixes vulnerability CVE-2022-1471
// The dependency usually comes from Spring Boot, just in the wrong version.
// TODO: Remove this explicit dependency once we are on SpringBoot 3.2.x
// as well as the related exclude in settings.gradle
// and the dependency suppression in owasp-dependency-check-suppression.xml.
implementation('org.yaml:snakeyaml') {
version {
strictly('2.2')
}
}
compileOnly 'org.projectlombok:lombok' compileOnly 'org.projectlombok:lombok'
testCompileOnly 'org.projectlombok:lombok' testCompileOnly 'org.projectlombok:lombok'
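Review bot: `strictly('2.2')` in the added snakeyaml block pins one exact version. On a directly declared dependency a strict constraint also overrides higher versions requested transitively, so a later snakeyaml fix release would be silently held back at 2.2. Since the comment gives CVE-2022-1471 as the reason, a bounded range states the intent without blocking patch upgrades: `strictly('[2.2, 3.0[')` together with `prefer('2.2')`. The enclosing `dependencies` block starts and ends outside the hunk.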


@ -49,4 +49,13 @@
<packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl> <packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
<cpe>cpe:/a:line:line</cpe> <cpe>cpe:/a:line:line</cpe>
</suppress> </suppress>
<suppress>
<notes><![CDATA[
We've explicitly bumped to 2.2, but the dependency checker does not seem to notice that.
hsh-michaelhoennig marked this conversation as resolved Outdated

erwähne snakeyaml 1.3

erwähne snakeyaml 1.3
TODO: Remove this suppression once we are on SpringBoot 3.2,
as well as the explicit version bump and the transient dependency exclude.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
<cve>CVE-2022-1471</cve>
</suppress>
</suppressions> </suppressions>
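Review bot: The added `<suppress>` matches every snakeyaml version (`@.*$`) and never expires, so CVE-2022-1471 stays silenced even if the 2.2 pin is dropped later or an older jar reaches a classpath through another configuration. Narrowing it to the pinned version, `<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@2\.2$</packageUrl>`, keeps the check effective for anything else. An expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) would make the TODO enforce itself. If the check fails again after narrowing, the finding is presumably against a version other than 2.2, which would point to an older snakeyaml still being resolved somewhere rather than a false positive.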


@ -7,4 +7,21 @@ pluginManagement {
} }
} }
dependencyResolutionManagement {
components {
all {
allVariants {
withDependencies {
removeAll {
// TODO: Remove this transient dependency exclude once we are on SpringBoot 3.2.x
// as well as the related explicit dependency in build.gradle
// and the dependency suppression in owasp-dependency-check-suppression.xml.
it.module in [ 'snakeyaml' ]
}
}
}
}
}
}
rootProject.name = 'hsadmin-ng' rootProject.name = 'hsadmin-ng'
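Review bot: The predicate `it.module in [ 'snakeyaml' ]` inside `removeAll` does not name the group. As far as I can tell, `module` on a dependency-metadata entry is a group-plus-name identifier rather than a plain string, so the membership test against a list of strings may never match. It is worth confirming with `./gradlew dependencyInsight --dependency snakeyaml --configuration runtimeClasspath` that the rule removes anything. A form that is explicit about both coordinates would be `it.group == 'org.yaml' && it.name == 'snakeyaml'`. Because the rule covers all variants of all components, any configuration that does not extend `implementation` would lose snakeyaml entirely if the rule does match, which deserves a sentence in the comment.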