
Update Dependencies (#123)
* Update Dependencies
Bump Version
Add OWASP Check

* Update Commons-IO Dependency
f11h authored Feb 23, 2022
1 parent f43fec3 commit c0a6155
Showing 3 changed files with 84 additions and 23 deletions.
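--- a/.github/workflows/ci-dependency-check.yml
+++ b/.github/workflows/ci-dependency-check.yml
@@ -0,0 +1,32 @@
+name: Dependency Check (OWASP)
+on:
+schedule:
+- cron: '48 02 * * 0' # Each Sunday at 02:48 UTC
+pull_request:
+types:
+- opened
+- synchronize
+- reopened
+workflow_dispatch:
+
+jobs:
+check:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/setup-java@v2
+with:
+java-version: 11
+distribution: adopt
+- uses: actions/checkout@v2
+with:
+fetch-depth: 0
+- uses: actions/cache@v2
+with:
+path: |
+~/.m2/repository
+key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
+- name: mvn
+run: >-
+mvn dependency-check:check
+--batch-mode
+--file ./pom.xml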
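Review bot: The workflow declares no top-level `permissions:` block and every `uses:` step is pinned to a mutable major tag (`actions/setup-java@v2`, `actions/checkout@v2`, `actions/cache@v2`), so the job runs with the repository's default GITHUB_TOKEN scope and inherits whatever those tags point to later. Adding `permissions:` / `  contents: read` before `jobs:` bounds the token to what this read-only scan needs, and pinning each action to a full commit SHA with the version in a trailing comment (`# v2`) keeps a retagged action from changing the checker's own supply chain. Neither change alters what the scan does; they only narrow what the job is able to do.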
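--- a/owasp/suppressions.xml
+++ b/owasp/suppressions.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+<suppress>
+<notes>Bug only affects not used features of embedded tomcat.</notes>
+<cve>CVE-2022-23181</cve>
+</suppress>
+</suppressions>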
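Review bot: The `<suppress>` entry on the new lines has neither an `until` date nor a `<packageUrl>`/`<gav>` restriction, so CVE-2022-23181 is silenced for every artifact it is ever matched against, indefinitely. Dependency-check suppression entries support both, so scoping it to the flagged artifact and giving it an expiry — for example `<suppress until="2022-09-30">` (constructed date) together with `<packageUrl regex="true">^pkg:maven/org\.apache\.tomcat\.embed/tomcat\-embed\-core@.*$</packageUrl>` if `tomcat-embed-core` is the reported artifact — makes the exception resurface for review once the next dependency bump lands. The `<notes>` text would also carry more weight if it named the unused feature the assessment relied on, since that is the justification a later reviewer has to re-check.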
68 changes: 45 additions & 23 deletions pom.xml
Expand Up @@ -5,7 +5,7 @@

<groupId>app.coronawarn.testresult</groupId>
<artifactId>cwa-testresult-server</artifactId>
<version>1.4.3-SNAPSHOT</version>
<version>1.4.4-SNAPSHOT</version>
<packaging>jar</packaging>

<name>cwa-testresult-server</name>
Expand All @@ -31,16 +31,20 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<!-- dependencies -->
<spring.boot.version>2.5.7</spring.boot.version>
<spring.cloud.version>2020.0.4</spring.cloud.version>
<spring.boot.version>2.6.3</spring.boot.version>
<spring.cloud.version>2021.0.1</spring.cloud.version>
<lombok.version>1.18.22</lombok.version>
<liquibase.version>3.9.0</liquibase.version>
<springdoc.version>1.3.9</springdoc.version>
<guava.version>30.0-jre</guava.version>
<liquibase.version>4.7.1</liquibase.version>
<springdoc.version>1.6.6</springdoc.version>
<guava.version>31.0.1-jre</guava.version>
<h2.version>2.1.210</h2.version>
<shedlock.version>4.33.0</shedlock.version>
<rx.version>1.3.8</rx.version>
<!-- plugins -->
<plugin.checkstyle.version>3.1.1</plugin.checkstyle.version>
<plugin.checkstyle.version>3.1.2</plugin.checkstyle.version>
<plugin.sonar.version>3.6.1.1688</plugin.sonar.version>
<plugin.jacoco.version>0.8.5</plugin.jacoco.version>
<plugin.jacoco.version>0.8.7</plugin.jacoco.version>
<owasp.version>6.5.3</owasp.version>
<!-- sonar -->
<sonar.coverage.exclusions>**/config/*,**/exception/*,**/entity/*,**/model/*</sonar.coverage.exclusions>
</properties>
Expand Down Expand Up @@ -106,6 +110,17 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
<exclusions>
<exclusion>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>5.6.5.Final</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
Expand All @@ -127,8 +142,17 @@
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</exclusion>
<exclusion>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.11.0</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-sleuth</artifactId>
Expand Down Expand Up @@ -163,6 +187,7 @@
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>runtime</scope>
<version>${h2.version}</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
Expand All @@ -182,30 +207,18 @@
<dependency>
<groupId>io.reactivex</groupId>
<artifactId>rxjava</artifactId>
<version>1.3.8</version>
<version>${rx.version}</version>
</dependency>
<dependency>
<groupId>net.javacrumbs.shedlock</groupId>
<artifactId>shedlock-spring</artifactId>
<version>4.25.0</version>
<version>${shedlock.version}</version>
</dependency>
<dependency>
<groupId>net.javacrumbs.shedlock</groupId>
<artifactId>shedlock-provider-jdbc-template</artifactId>
<version>4.25.0</version>
<version>${shedlock.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.17.0</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
<version>2.17.0</version>
<scope>runtime</scope>
</dependency>
</dependencies>

<build>
Expand Down Expand Up @@ -234,6 +247,15 @@
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${owasp.version}</version>
<configuration>
<suppressionFile>./owasp/suppressions.xml</suppressionFile>
<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
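Review bot: The two managed-version overrides introduced in the `-106,6 +110,17` and `-127,8 +142,17` hunks (`hibernate-core` 5.6.5.Final, `commons-io` 2.11.0) hard-code their versions inline while the same commit lifts `h2`, `shedlock` and `rxjava` into `<properties>`, and neither override says why the Spring Boot-managed artifact is being replaced. A why-comment such as `<!-- replaces the Spring Boot managed version; drop the exclusion once the BOM ships a patched release -->` above each exclusion, plus `hibernate.version` and `commons.io.version` properties next to `h2.version`, would tell the next updater when the pins can be removed; the reason is presumably a vulnerability fix, but that is not visible here. Separately, the `dependency-check-maven` plugin in the last hunk has no `<executions>` element, so it runs only when the `dependency-check:check` goal is invoked explicitly, as the new CI workflow does; if it is also meant to gate a plain `mvn verify`, bind it to a lifecycle phase.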
