diff --git a/.trivyignore b/.trivyignore index 1ac14484c..71746f63f 100644 --- a/.trivyignore +++ b/.trivyignore @@ -10,3 +10,6 @@ # Suppression for h2 2.1.214 password on command line vulnerability # can be suppressed as we only run h2 locally and not on build environments CVE-2022-45868 +# Suppression for Spring Framework path directory traversal as it only affects +# applications that use WebMvc.fn or WebFlux.fn +CVE-2024-38819 diff --git a/build.gradle.kts b/build.gradle.kts index 641f59fed..4f8f14593 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -1,5 +1,5 @@ plugins { - id("uk.gov.justice.hmpps.gradle-spring-boot") version "6.0.6" + id("uk.gov.justice.hmpps.gradle-spring-boot") version "6.0.7" kotlin("plugin.spring") version "2.0.20" kotlin("plugin.jpa") version "2.0.20" kotlin("plugin.lombok") version "2.0.20" @@ -30,14 +30,14 @@ dependencies { implementation("commons-codec:commons-codec:1.17.1") implementation("com.github.jsqlparser:jsqlparser:5.0") implementation("org.ehcache:ehcache:3.10.8") - implementation("com.zaxxer:HikariCP:5.1.0") + runtimeOnly("com.zaxxer:HikariCP") implementation("io.swagger:swagger-annotations:1.6.14") implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0") implementation("org.apache.commons:commons-lang3:3.17.0") implementation("commons-io:commons-io:2.17.0") - implementation("com.google.guava:guava:33.3.0-jre") + implementation("com.google.guava:guava:33.3.1-jre") implementation("org.apache.commons:commons-text:1.12.0") implementation("com.oracle.database.jdbc:ojdbc10:19.24.0.0") implementation("org.hibernate.orm:hibernate-community-dialects") @@ -63,18 +63,18 @@ dependencies { testImplementation("com.tngtech.java:junit-dataprovider:1.13.1") testImplementation("net.javacrumbs.json-unit:json-unit-assertj:3.4.1") - testImplementation("net.serenity-bdd:serenity-core:4.2.1") - testImplementation("net.serenity-bdd:serenity-junit:4.2.1") - testImplementation("net.serenity-bdd:serenity-spring:4.2.1") - testImplementation("net.serenity-bdd:serenity-cucumber:4.2.1") + testImplementation("net.serenity-bdd:serenity-core:4.2.6") + testImplementation("net.serenity-bdd:serenity-junit:4.2.6") + testImplementation("net.serenity-bdd:serenity-spring:4.2.6") + testImplementation("net.serenity-bdd:serenity-cucumber:4.2.6") testImplementation("com.paulhammant:ngwebdriver:1.2") testImplementation("org.wiremock:wiremock:3.9.1") testImplementation("io.swagger.parser.v3:swagger-parser:2.1.22") { exclude(group = "io.swagger.core.v3") } - testImplementation("io.swagger.core.v3:swagger-core-jakarta:2.2.23") + testImplementation("io.swagger.core.v3:swagger-core-jakarta:2.2.25") testImplementation("commons-beanutils:commons-beanutils:1.9.4") - testImplementation("io.opentelemetry:opentelemetry-sdk-testing:1.40.0") + testImplementation("io.opentelemetry:opentelemetry-sdk-testing:1.43.0") testCompileOnly("org.projectlombok:lombok:1.18.34") } diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 9355b4155..df97d72b8 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME diff --git a/helm_deploy/prison-api/Chart.yaml b/helm_deploy/prison-api/Chart.yaml index 6e668b85f..0326b9795 100644 --- a/helm_deploy/prison-api/Chart.yaml +++ b/helm_deploy/prison-api/Chart.yaml @@ -9,5 +9,5 @@ dependencies: version: "3.6" repository: https://ministryofjustice.github.io/hmpps-helm-charts - name: generic-prometheus-alerts - version: "1.9" + version: "1.10" repository: https://ministryofjustice.github.io/hmpps-helm-charts