From 697ba2900ffd37efcb2b5892055c6c5df273ef04 Mon Sep 17 00:00:00 2001 From: smirnovaae Date: Tue, 20 Aug 2024 09:58:07 -0700 Subject: [PATCH] AB2D-6270 Ab2d,libs -Analyze level of effort and address critical Snyk security vulnerabilities --- attribution-data-file-share/build.gradle | 4 ++-- coverage-counts/build.gradle | 12 +++++------- database-management/build.gradle | 10 ++++------ lambda-test-utils/build.gradle | 5 ++--- metrics-lambda/build.gradle | 2 +- optout/build.gradle | 4 ++-- retrieve-hpms-counts/build.gradle | 2 +- 7 files changed, 17 insertions(+), 22 deletions(-) diff --git a/attribution-data-file-share/build.gradle b/attribution-data-file-share/build.gradle index 3f600c5..28d6aed 100644 --- a/attribution-data-file-share/build.gradle +++ b/attribution-data-file-share/build.gradle @@ -12,10 +12,10 @@ repositories { dependencies { implementation 'com.amazonaws:aws-lambda-java-core:1.2.2' - implementation 'com.amazonaws:aws-java-sdk-s3:1.12.529' + implementation 'com.amazonaws:aws-java-sdk-s3:1.12.769' implementation 'software.amazon.awssdk:s3-transfer-manager:2.25.7' implementation 'software.amazon.awssdk.crt:aws-crt:0.29.11' - implementation 'org.postgresql:postgresql:42.7.2' + implementation 'org.postgresql:postgresql:42.7.3' implementation 'software.amazon.awssdk:ssm:2.25.7' implementation 'software.amazon.awssdk:sts:2.25.6' implementation project(path: ':lambda-lib') diff --git a/coverage-counts/build.gradle b/coverage-counts/build.gradle index 0851891..b182aa0 100644 --- a/coverage-counts/build.gradle +++ b/coverage-counts/build.gradle @@ -29,7 +29,7 @@ dependencies { implementation 'com.amazonaws:aws-lambda-java-core:1.2.2' implementation 'com.amazonaws:aws-lambda-java-events:3.11.0' - implementation 'com.amazonaws:aws-java-sdk-sqs:1.12.382' + implementation 'com.amazonaws:aws-java-sdk-sqs:1.12.769' implementation 'com.fasterxml.jackson.datatype:jackson-datatype-joda:2.14.0' implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.14.0' implementation 'com.fasterxml.jackson.module:jackson-module-parameter-names:2.14.1' @@ -38,9 +38,8 @@ dependencies { compileOnly 'org.projectlombok:lombok:1.18.24' implementation 'org.slf4j:slf4j-api:2.0.5' implementation project(':database-management') - implementation 'org.liquibase:liquibase-core:4.18.0' - implementation 'org.liquibase:liquibase-core:4.18.0' - implementation 'org.postgresql:postgresql:42.5.1' + implementation 'org.liquibase:liquibase-core:4.29.1' + implementation 'org.postgresql:postgresql:42.7.3' implementation('gov.cms.ab2d:ab2d-sns-client:0.0.1'){ // Gradle is including these transient dependencies in the zip making it huge exclude group: 'org.springframework' @@ -64,9 +63,8 @@ dependencies { testImplementation 'org.junit.platform:junit-platform-commons:1.9.2' testImplementation 'org.testcontainers:junit-jupiter:1.17.6' testImplementation "org.testcontainers:postgresql:1.17.6" - testImplementation 'org.liquibase:liquibase-core:4.18.0' - testImplementation 'org.liquibase:liquibase-core:4.18.0' - testImplementation 'org.postgresql:postgresql:42.5.1' + testImplementation 'org.liquibase:liquibase-core:4.29.1' + testImplementation 'org.postgresql:postgresql:42.7.3' testImplementation project(':database-management') testImplementation project(':lambda-test-utils') diff --git a/database-management/build.gradle b/database-management/build.gradle index ea5d737..2cb4626 100644 --- a/database-management/build.gradle +++ b/database-management/build.gradle @@ -11,16 +11,14 @@ repositories { } dependencies { - implementation 'org.liquibase:liquibase-core:4.18.0' - implementation 'org.liquibase:liquibase-core:4.18.0' - implementation 'org.postgresql:postgresql:42.5.1' + implementation 'org.liquibase:liquibase-core:4.29.1' + implementation 'org.postgresql:postgresql:42.7.3' implementation 'com.amazonaws:aws-lambda-java-core:1.2.2' implementation 'com.amazonaws:aws-lambda-java-events:3.11.0' annotationProcessor 'org.projectlombok:lombok:1.18.24' compileOnly 'org.projectlombok:lombok:1.18.24' - testImplementation 'org.liquibase:liquibase-core:4.18.0' - testImplementation 'org.liquibase:liquibase-core:4.18.0' - testImplementation 'org.postgresql:postgresql:42.5.1' + testImplementation 'org.liquibase:liquibase-core:4.29.1' + testImplementation 'org.postgresql:postgresql:42.7.3' testImplementation project(':lambda-test-utils') testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.2' testImplementation 'org.junit.platform:junit-platform-commons:1.9.2' diff --git a/lambda-test-utils/build.gradle b/lambda-test-utils/build.gradle index 10c00e0..14860da 100644 --- a/lambda-test-utils/build.gradle +++ b/lambda-test-utils/build.gradle @@ -10,11 +10,10 @@ repositories { dependencies { implementation 'com.amazonaws:aws-lambda-java-core:1.2.2' - implementation 'org.postgresql:postgresql:42.5.1' + implementation 'org.postgresql:postgresql:42.7.3' implementation 'org.testcontainers:junit-jupiter:1.17.6' implementation "org.testcontainers:postgresql:1.17.6" - implementation 'org.liquibase:liquibase-core:4.18.0' - implementation 'org.liquibase:liquibase-core:4.18.0' + implementation 'org.liquibase:liquibase-core:4.29.1' implementation 'org.mockito:mockito-core:4.11.0' implementation 'org.junit.jupiter:junit-jupiter-api:5.9.1' implementation 'org.junit.platform:junit-platform-commons:1.9.2' diff --git a/metrics-lambda/build.gradle b/metrics-lambda/build.gradle index 81248a2..4d69f84 100644 --- a/metrics-lambda/build.gradle +++ b/metrics-lambda/build.gradle @@ -44,7 +44,7 @@ dependencies { } implementation 'com.amazonaws:aws-lambda-java-core:1.2.2' implementation 'com.amazonaws:aws-lambda-java-events:3.11.0' - implementation 'com.amazonaws:aws-java-sdk-sqs:1.12.342' + implementation 'com.amazonaws:aws-java-sdk-sqs:1.12.769' implementation 'com.fasterxml.jackson.datatype:jackson-datatype-joda:2.14.0' implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.14.0' annotationProcessor 'org.projectlombok:lombok:1.18.24' diff --git a/optout/build.gradle b/optout/build.gradle index 6b8d620..3bac14e 100644 --- a/optout/build.gradle +++ b/optout/build.gradle @@ -13,8 +13,8 @@ repositories { dependencies { implementation 'com.amazonaws:aws-lambda-java-core:1.2.2' implementation 'com.amazonaws:aws-lambda-java-events:2.2.2' - implementation 'com.amazonaws:aws-java-sdk-s3:1.12.529' - implementation 'org.postgresql:postgresql:42.7.2' + implementation 'com.amazonaws:aws-java-sdk-s3:1.12.769' + implementation 'org.postgresql:postgresql:42.7.3' implementation 'software.amazon.awssdk:s3:2.25.6' implementation 'software.amazon.awssdk:ssm:2.25.7' implementation 'software.amazon.awssdk:sts:2.25.6' diff --git a/retrieve-hpms-counts/build.gradle b/retrieve-hpms-counts/build.gradle index f63455a..2fae2b5 100644 --- a/retrieve-hpms-counts/build.gradle +++ b/retrieve-hpms-counts/build.gradle @@ -37,7 +37,7 @@ dependencies { implementation project(':lambda-lib') implementation('gov.cms.ab2d:ab2d-contracts-client:1.1') implementation 'org.slf4j:slf4j-api:2.0.5' - implementation 'com.amazonaws:aws-java-sdk-sns:1.12.405' + implementation 'com.amazonaws:aws-java-sdk-sns:1.12.769' implementation('gov.cms.ab2d:ab2d-sns-client:0.0.1') { // Gradle is including these transient dependencies in the zip making it huge