From 96df74f74c3cdcc2089081a2b9b76709a888f1d0 Mon Sep 17 00:00:00 2001 From: Siarhei Hrabko <45555481+grabsefx@users.noreply.github.com> Date: Tue, 21 Nov 2023 10:34:01 +0300 Subject: [PATCH] EPMRPP-87595 fix CVEs (#120) --- build.gradle | 45 +++++++++++-------- .../index/IndexerServiceClientImpl.java | 1 - 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/build.gradle b/build.gradle index 86ab766..f23d5b1 100644 --- a/build.gradle +++ b/build.gradle @@ -1,5 +1,5 @@ plugins { - id 'org.springframework.boot' version '2.7.16' + id 'org.springframework.boot' version '2.7.17' id 'io.spring.dependency-management' version '1.0.11.RELEASE' id 'java' } @@ -9,6 +9,8 @@ project.ext { releaseMode = project.hasProperty("releaseMode") } +ext['junit-jupiter.version'] = '5.10.0' + def scriptsUrl = 'https://raw.githubusercontent.com/reportportal/gradle-scripts/' + (releaseMode ? '5.10.0' : 'EPMRPP-85756') apply from: "$scriptsUrl/build-docker.gradle" @@ -18,7 +20,10 @@ apply from: "$scriptsUrl/build-info.gradle" apply from: "$scriptsUrl/release-service.gradle" apply from: "$scriptsUrl/signing.gradle" -sourceCompatibility = '21' +tasks.withType(JavaCompile).configureEach { + sourceCompatibility = JavaVersion.VERSION_21 + targetCompatibility = JavaVersion.VERSION_21 +} wrapper { gradleVersion = '8.4' 
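Review bot: In the new `tasks.withType(JavaCompile).configureEach` block, `sourceCompatibility`/`targetCompatibility` fix the language level and bytecode version but do not restrict which JDK API the code compiles against. A build run on a JDK newer than 21 can therefore link to methods that are missing at runtime. `options.release = 21` inside the same block covers all three with one setting. It also avoids what appears to be a reliance on Groovy coercing the `JavaVersion` enum into the task's string property. A `java { toolchain { ... } }` block would additionally pin the compiler JDK, so the released artifact does not depend on what is installed on the build host.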
@@ -45,22 +50,22 @@ processResources { //https://nvd.nist.gov/vuln/detail/CVE-2020-9488 and https://nvd.nist.gov/vuln/detail/CVE-2021-44228 and https://nvd.nist.gov/vuln/detail/CVE-2021-45046 and //https://nvd.nist.gov/vuln/detail/CVE-2021-45105 -ext['log4j2.version'] = '2.17.1' -ext['log4j-to-slf4j.version'] = '2.17.1' +ext['log4j2.version'] = '2.21.1' +ext['log4j-to-slf4j.version'] = '2.21.1' //https://nvd.nist.gov/vuln/detail/CVE-2022-26520 -ext['postgresql.version'] = '42.4.1' -ext['snakeyaml.version'] = '1.31' +ext['postgresql.version'] = '42.6.0' +ext['snakeyaml.version'] = '1.33' // dependencies { - implementation group: 'org.json', name: 'json', version: '20220320' + implementation 'org.json:json:20231013' - implementation 'net.javacrumbs.shedlock:shedlock-spring:4.21.0' - implementation 'net.javacrumbs.shedlock:shedlock-provider-jdbc-template:4.21.0' + implementation 'net.javacrumbs.shedlock:shedlock-spring:4.46.0' + implementation 'net.javacrumbs.shedlock:shedlock-provider-jdbc-template:4.46.0' // https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 - implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0' + implementation 'org.apache.commons:commons-lang3:3.12.0' implementation 'org.springframework.boot:spring-boot-starter-aop' 
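Review bot: `ext['snakeyaml.version'] = '1.33'` keeps SnakeYAML on the 1.x line, and to my knowledge the unsafe-deserialization advisory against its default `Constructor` was only resolved in the next major release, so a scanner will probably still flag this pin. If the service never parses untrusted YAML, a comment beside the pin should record that and state that loading must go through `SafeConstructor`. Otherwise the override has to move to the next major, after checking that Spring Boot 2.7.17 works with it. The CVE links above the log4j and postgresql pins describe only the old versions; a line such as `// <advisory-id>: addressed by this pin` on each bumped property would keep the audit trail usable.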
@@ -73,21 +78,23 @@ dependencies { implementation 'org.apache.jclouds.api:filesystem:2.5.0' //Needed for correct jcloud work implementation 'com.google.code.gson:gson:2.8.9' - implementation 'org.apache.httpcomponents:httpclient:4.5.13' + implementation 'org.apache.httpcomponents:httpclient:4.5.14' // https://avd.aquasec.com/nvd/cve-2020-8908 -// implementation 'com.google.guava:guava:30.0-jre'; + implementation 'com.google.guava:guava:32.1.3-jre' - implementation "com.rabbitmq:http-client:2.1.0.RELEASE" + implementation "com.rabbitmq:http-client:5.2.0" //Fix CVE - implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2' + implementation 'com.fasterxml.jackson.core:jackson-databind:2.15.3' runtimeOnly 'org.postgresql:postgresql' - testImplementation 'org.junit.jupiter:junit-jupiter:5.5.2' - testImplementation 'org.junit.jupiter:junit-jupiter-api:5.5.2' - testImplementation 'org.junit.jupiter:junit-jupiter-params:5.5.2' - testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.5.2' - testImplementation 'org.mockito:mockito-junit-jupiter:3.1.0' + testImplementation 'org.junit.jupiter:junit-jupiter' + testImplementation 'org.junit.jupiter:junit-jupiter-api' + testImplementation 'org.junit.jupiter:junit-jupiter-params' + testImplementation 'org.junit.jupiter:junit-jupiter-engine' + testImplementation 'org.mockito:mockito-core:5.7.0' + testImplementation 'net.bytebuddy:byte-buddy:1.14.5' + testImplementation 'net.bytebuddy:byte-buddy-agent:1.14.5' } diff --git a/src/main/java/com/epam/reportportal/analyzer/index/IndexerServiceClientImpl.java b/src/main/java/com/epam/reportportal/analyzer/index/IndexerServiceClientImpl.java index f3cbe89..37d2cc7 100644 --- a/src/main/java/com/epam/reportportal/analyzer/index/IndexerServiceClientImpl.java +++ b/src/main/java/com/epam/reportportal/analyzer/index/IndexerServiceClientImpl.java 
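Review bot: Pinning only `com.fasterxml.jackson.core:jackson-databind:2.15.3` likely leaves jackson-core and jackson-annotations on the version managed by the Spring Boot 2.7.17 BOM, because the dependency-management plugin still forces managed versions onto transitive dependencies. A newer databind paired with older core modules can fail at runtime with missing-class or missing-method errors, and a scanner may keep reporting the older modules. The file already overrides BOM versions through `ext[...]` properties, so the same pattern fits here: `ext['jackson-bom.version'] = '2.15.3'` with the dependency declared as `implementation 'com.fasterxml.jackson.core:jackson-databind'`. Running `./gradlew dependencyInsight --dependency jackson-core --configuration runtimeClasspath` would confirm what is actually resolved.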
@@ -24,7 +24,6 @@ import java.util.stream.Collectors; import static com.epam.reportportal.analyzer.AnalyzerUtils.DOES_SUPPORT_SUGGEST; -import static com.epam.reportportal.analyzer.RabbitMqManagementClientTemplate.EXCHANGE_PRIORITY; /** * @author Pavel Bortnik