Upgrade spring packages to close security vulnerability (#6184)

* Upgrade spring packages to close security vulnerability * Correct bad dependency write.
CDCgov · Jul 20, 2023 · 717a296 · 717a296
1 parent b804ef6
commit 717a296
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 74 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id 'org.springframework.boot' version '2.7.12'
+    id 'org.springframework.boot' version '2.7.13'
     id 'org.liquibase.gradle' version '2.0.4'
     id 'io.spring.dependency-management' version '1.0.15.RELEASE'
     id 'java'
@@ -41,8 +41,9 @@ dependencies {
     implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
     implementation 'org.springframework.cloud:spring-cloud-starter-loadbalancer'
 
-    // Security Pins (Sept 2022)
+    // Security Pins (July 2023)
     implementation 'org.yaml:snakeyaml:1.33'
+    implementation 'org.springframework.security:spring-security-config:5.7.10'
 
     // data layer dependencies
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'

diff --git a/backend/gradle.lockfile b/backend/gradle.lockfile
@@ -82,31 +82,31 @@ io.github.openfeign:feign-slf4j:11.8=compileClasspath,runtimeClasspath
 io.jsonwebtoken:jjwt-api:0.11.2=compileClasspath,runtimeClasspath
 io.jsonwebtoken:jjwt-impl:0.11.2=runtimeClasspath
 io.jsonwebtoken:jjwt-jackson:0.11.2=compileClasspath,runtimeClasspath
-io.netty:netty-buffer:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-codec-dns:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-codec-http2:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-codec-http:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-codec-socks:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-codec:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-common:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-handler-proxy:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-handler:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-resolver-dns-classes-macos:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-resolver-dns-native-macos:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-resolver-dns:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-resolver:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-tcnative-boringssl-static:2.0.60.Final=compileClasspath,runtimeClasspath
-io.netty:netty-tcnative-classes:2.0.60.Final=compileClasspath,runtimeClasspath
-io.netty:netty-transport-classes-epoll:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-transport-classes-kqueue:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-transport-native-epoll:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-transport-native-kqueue:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-transport-native-unix-common:4.1.92.Final=compileClasspath,runtimeClasspath
-io.netty:netty-transport:4.1.92.Final=compileClasspath,runtimeClasspath
+io.netty:netty-buffer:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-codec-dns:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-codec-http2:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-codec-http:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-codec-socks:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-codec:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-common:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-handler-proxy:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-handler:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-resolver-dns-classes-macos:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-resolver-dns-native-macos:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-resolver-dns:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-resolver:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-tcnative-boringssl-static:2.0.61.Final=compileClasspath,runtimeClasspath
+io.netty:netty-tcnative-classes:2.0.61.Final=compileClasspath,runtimeClasspath
+io.netty:netty-transport-classes-epoll:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-transport-classes-kqueue:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-transport-native-epoll:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-transport-native-kqueue:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-transport-native-unix-common:4.1.94.Final=compileClasspath,runtimeClasspath
+io.netty:netty-transport:4.1.94.Final=compileClasspath,runtimeClasspath
 io.projectreactor.addons:reactor-extra:3.4.10=compileClasspath,runtimeClasspath
-io.projectreactor.netty:reactor-netty-core:1.0.32=compileClasspath,runtimeClasspath
-io.projectreactor.netty:reactor-netty-http:1.0.32=compileClasspath,runtimeClasspath
-io.projectreactor:reactor-core:3.4.29=compileClasspath,runtimeClasspath
+io.projectreactor.netty:reactor-netty-core:1.0.33=compileClasspath,runtimeClasspath
+io.projectreactor.netty:reactor-netty-http:1.0.33=compileClasspath,runtimeClasspath
+io.projectreactor:reactor-core:3.4.30=compileClasspath,runtimeClasspath
 jakarta.activation:jakarta.activation-api:1.2.2=runtimeClasspath
 jakarta.annotation:jakarta.annotation-api:1.3.5=compileClasspath,runtimeClasspath
 jakarta.persistence:jakarta.persistence-api:2.2.3=compileClasspath,runtimeClasspath
@@ -131,9 +131,9 @@ org.apache.httpcomponents:httpcore:4.4.16=compileClasspath,runtimeClasspath
 org.apache.httpcomponents:httpmime:4.5.14=runtimeClasspath
 org.apache.logging.log4j:log4j-api:2.17.2=compileClasspath,runtimeClasspath
 org.apache.logging.log4j:log4j-to-slf4j:2.17.2=compileClasspath,runtimeClasspath
-org.apache.tomcat.embed:tomcat-embed-core:9.0.75=compileClasspath,runtimeClasspath
-org.apache.tomcat.embed:tomcat-embed-el:9.0.75=compileClasspath,runtimeClasspath
-org.apache.tomcat.embed:tomcat-embed-websocket:9.0.75=compileClasspath,runtimeClasspath
+org.apache.tomcat.embed:tomcat-embed-core:9.0.76=compileClasspath,runtimeClasspath
+org.apache.tomcat.embed:tomcat-embed-el:9.0.76=compileClasspath,runtimeClasspath
+org.apache.tomcat.embed:tomcat-embed-websocket:9.0.76=compileClasspath,runtimeClasspath
 org.aspectj:aspectjweaver:1.9.7=compileClasspath,runtimeClasspath
 org.attoparser:attoparser:2.0.5.RELEASE=compileClasspath,runtimeClasspath
 org.bouncycastle:bcpkix-jdk15on:1.70=compileClasspath,runtimeClasspath
@@ -157,64 +157,64 @@ org.json:json:20230227=compileClasspath,runtimeClasspath
 org.liquibase:liquibase-core:4.9.1=compileClasspath,runtimeClasspath
 org.ow2.asm:asm:9.3=compileClasspath,runtimeClasspath
 org.postgresql:postgresql:42.3.8=runtimeClasspath
-org.projectlombok:lombok:1.18.26=compileClasspath
+org.projectlombok:lombok:1.18.28=compileClasspath
 org.reactivestreams:reactive-streams:1.0.4=compileClasspath,runtimeClasspath
 org.slf4j:jcl-over-slf4j:1.7.36=compileClasspath,runtimeClasspath
 org.slf4j:jul-to-slf4j:1.7.36=compileClasspath,runtimeClasspath
 org.slf4j:slf4j-api:1.7.36=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-actuator:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-autoconfigure:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-devtools:2.7.12=runtimeClasspath
-org.springframework.boot:spring-boot-starter-aop:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-cache:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-data-jpa:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-graphql:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-jdbc:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-json:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-logging:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-mail:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-security:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-thymeleaf:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-tomcat:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-validation:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter-web:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot-starter:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.boot:spring-boot:2.7.12=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-actuator:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-autoconfigure:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-devtools:2.7.13=runtimeClasspath
+org.springframework.boot:spring-boot-starter-aop:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-cache:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-data-jpa:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-graphql:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-jdbc:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-json:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-logging:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-mail:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-security:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-thymeleaf:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-tomcat:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-validation:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter-web:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot-starter:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.boot:spring-boot:2.7.13=compileClasspath,runtimeClasspath
 org.springframework.cloud:spring-cloud-commons:3.1.3=compileClasspath,runtimeClasspath
 org.springframework.cloud:spring-cloud-context:3.1.3=compileClasspath,runtimeClasspath
 org.springframework.cloud:spring-cloud-loadbalancer:3.1.3=compileClasspath,runtimeClasspath
 org.springframework.cloud:spring-cloud-openfeign-core:3.1.3=compileClasspath,runtimeClasspath
 org.springframework.cloud:spring-cloud-starter-loadbalancer:3.1.3=compileClasspath,runtimeClasspath
 org.springframework.cloud:spring-cloud-starter-openfeign:3.1.3=compileClasspath,runtimeClasspath
 org.springframework.cloud:spring-cloud-starter:3.1.3=compileClasspath,runtimeClasspath
-org.springframework.data:spring-data-commons:2.7.12=compileClasspath,runtimeClasspath
-org.springframework.data:spring-data-jpa:2.7.12=compileClasspath,runtimeClasspath
+org.springframework.data:spring-data-commons:2.7.13=compileClasspath,runtimeClasspath
+org.springframework.data:spring-data-jpa:2.7.13=compileClasspath,runtimeClasspath
 org.springframework.graphql:spring-graphql:1.0.4=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-config:5.7.8=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-core:5.7.8=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-crypto:5.7.8=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-oauth2-client:5.7.8=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-oauth2-core:5.7.8=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-oauth2-jose:5.7.8=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-oauth2-resource-server:5.7.8=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-config:5.7.10=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-core:5.7.9=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-crypto:5.7.9=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-oauth2-client:5.7.9=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-oauth2-core:5.7.9=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-oauth2-jose:5.7.9=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-oauth2-resource-server:5.7.9=compileClasspath,runtimeClasspath
 org.springframework.security:spring-security-rsa:1.0.10.RELEASE=compileClasspath,runtimeClasspath
-org.springframework.security:spring-security-web:5.7.8=compileClasspath,runtimeClasspath
-org.springframework.session:spring-session-core:2.7.1=runtimeClasspath
-org.springframework.session:spring-session-jdbc:2.7.1=runtimeClasspath
-org.springframework:spring-aop:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-aspects:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-beans:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-context-support:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-context:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-core:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-expression:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-jcl:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-jdbc:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-orm:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-tx:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-web:5.3.27=compileClasspath,runtimeClasspath
-org.springframework:spring-webmvc:5.3.27=compileClasspath,runtimeClasspath
+org.springframework.security:spring-security-web:5.7.9=compileClasspath,runtimeClasspath
+org.springframework.session:spring-session-core:2.7.2=runtimeClasspath
+org.springframework.session:spring-session-jdbc:2.7.2=runtimeClasspath
+org.springframework:spring-aop:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-aspects:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-beans:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-context-support:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-context:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-core:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-expression:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-jcl:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-jdbc:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-orm:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-tx:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-web:5.3.28=compileClasspath,runtimeClasspath
+org.springframework:spring-webmvc:5.3.28=compileClasspath,runtimeClasspath
 org.thymeleaf.extras:thymeleaf-extras-java8time:3.0.4.RELEASE=compileClasspath,runtimeClasspath
 org.thymeleaf:thymeleaf-spring5:3.0.15.RELEASE=compileClasspath,runtimeClasspath
 org.thymeleaf:thymeleaf:3.0.15.RELEASE=compileClasspath,runtimeClasspath