Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#863] Placed Dependencies and Dependency Versions In TOML file #885

Open
wants to merge 28 commits into
base: main
Choose a base branch
from
Open

[#863] Placed Dependencies and Dependency Versions In TOML file #885

wants to merge 28 commits into from

Conversation

ThatSilentCoder
Copy link
Collaborator

@ThatSilentCoder ThatSilentCoder commented Nov 22, 2024
edited
Loading

Description

Test Instructions:

  1. Run the ./gradlew clean --refresh-dependencies build command and verify that not only does this command pull all of the new dependencies but it also builds the entire application without any issues.
  2. Another way to confirm that these changes are good is by building an RPM and installing then running the HIRS-ACA service (building the RPM requires building and assembling all the artifacts and running the ACA service locally).

Summary Of Updates:

  • Upgraded Gradle from version 8.3 to version 8.11.1.
  • Moved repetitive tasks to the root build.gradle file.
  • Upgraded spring-framework-boot plugin from version 3.0.6 to version 3.0.13.
  • Upgraded spring-dependency-management plugin from version 1.1.0 to version 1.1.7.
  • Upgraded ospackage plugin from version 11.4.0 to version 11.10.0.
  • Upgraded spotbugs plugin from version 6.0.4 to version 6.0.13.
  • Upgraded gradle-jaxb plugin from version 5.1.0 to version 7.0.1.
  • Deleted unused dependencies and/or replaced dependencies that were already included in a bigger dependency (this was to ensure that we do not have any dependency mismatches).
  • Placed all dependencies and dependencies versions in a toml file. Click on the following link for more details on Version Cataloguing: Medium Article on Version Catalog and see the table below to see all the changes:

Dependencies Changes:

Name Old Version New Version Notes
org.apache.httpcomponents:httpclient - 4.5.14 Replacing transitive dependency in PCI dependency
org.bouncycastle:bcmail-jdk18on 1.77 1.79
commons-codec:commons-codec 1.15 1.17.1
commons-io:commons-io 2.11.0 2.18.0
org.apache.commons:commons-lang3 3.13.0 3.17.0
com.google.code.gson:gson 2.10.1 2.11.0
org.glassfish:jakarta.json 2.0.1
org.glassfish.jaxb:jaxb-runtime 4.0.5
com.google.guava:guava 33.3.1-jre
com.fasterxml.jackson.core:jackson-core 2.18.2
com.fasterxml.jackson.core:jackson-databind 2.18.2
jakarta.persistence:jakarta.persistence-api
org.glassfish.web:jakarta.servlet.jsp.jstl
jakarta.xml.bind:jakarta.xml.bind-api
org.jcommander:jcommander
org.projectlombok:lombok
org.mariadb.jdbc:mariadb-java-client
com.eclipsesource.minimal-json:minimal-json
com.github.marandus:pci-ids
com.google.protobuf:protobuf-java
org.slf4j:slf4j-simple
org.springframework.boot:spring-boot-starter-validation
org.springframework.boot:spring-boot-starter-web
org.springframework:spring-webmvc
org.springframework.retry:spring-retry
org.apache.tomcat.embed:tomcat-embed-jasper
org.testng:testn
org.hsqldb:hsqldb
org.springframework.boot:spring-boot-starter-test
com.github.spotbugs:spotbugs-annotations

Issues this PR addresses:

Closes #863

@ThatSilentCoder
issue_863: Successfully moved all the dependencies to toml file and c…
2162478 
…urrently replacing dependencies listed in the build.gradle file with the ones referenced in the toml file
@ThatSilentCoder
issue_863: finished updating dependency versions. Ready for PR
3307cdd
@ThatSilentCoder ThatSilentCoder linked an issue Nov 22, 2024 that may be closed by this pull request
Place Dependencies in a Version Catalog file #863
Open
@ThatSilentCoder
issue_863: downgraded versions since there was an issue with the depe…
ce78c75 
…ndencies versions and the ci/cd pipeline in git. will update each depedency slowly to ensure that upgrades are down correctly.
@ThatSilentCoder
issue_863: upgrading this slowly but surely
548c203
@ThatSilentCoder
issue_863: upgrading this slowly but surely again. testing to see if …
d831d02 
…github's ci/cd is happy still with these set of changes.
@ThatSilentCoder
issue_863: upgrading this slowly but surely again. testing to see if …
fea5960 
…github's ci/cd is happy still with these set of changes (again)
@ThatSilentCoder
issue_863: upgrading this slowly but surely again. testing to see if …
3c0b2cb 
…github's ci/cd is happy still with these set of changes (again) partIII
@ThatSilentCoder
issue_863: Part IV of upgrading this slowly to see if github's ci/cd …
3698ffc 
…is happy still with these set of changes (again)
@ThatSilentCoder
issue_863: Part V of upgrading this slowly to see if github's ci/cd i…
e70cdbc 
…s happy still with these set of changes (again)
@ThatSilentCoder
issue_863: Part VI of updating dependencies slowly
cd7a7e1
@ThatSilentCoder
issue_863: Part VII of updating dependencies
7b0486f
@ThatSilentCoder
issue_863: Part 8 of updating dependencies
637ec53
@ThatSilentCoder
issue_863: Part 9 of updating dependencies
7cef3ac
@ThatSilentCoder
issue_863: Part 10 of updating dependencies
17375bc
@ThatSilentCoder
issue_863: Part 12 of updating dependencies
77a31fe
@ThatSilentCoder
issue_863: Part 13 of updating dependencies
8d62d85
@ThatSilentCoder
issue_863: Part 14 of updating dependencies
d396ace
@ThatSilentCoder
issue_863: Part 15 of updating dependencies
c8d53cd
@ThatSilentCoder
issue_863: Updating tomcat core.
8008c4d
@ThatSilentCoder
issue_863: removed some critical vulnerable dependencies
bc25d6a
@ThatSilentCoder
issue_863: updated spring boot version. second try at it.
4798b16
@ThatSilentCoder
issue_863: undid spring update. need to figure out how to smoothly tr…
e32a9b6 
…ansition to newer spring.
@ThatSilentCoder
issue_863: updated spring boot, hibernate, and spring retry. Removed …
a57cd09 
…an unused dependency.
@ThatSilentCoder
issue_863: removed unused dependencies and am currently resolving cri…
028a521 
…tical vulnerable dependendcies
@ThatSilentCoder
issue_863: reverted changes from last commit. let's see if that makes…
301689d 
… a difference
@ThatSilentCoder
issue_863: Updated gradle version, fixed more vulnerabilities, now fi…
1c39f8d 
…guring what to do with the remaining vulnerabilities.
@ThatSilentCoder
issue_863: Updated gradle plugins version, fixed more vulnerabilities…
3d795a5 
…, now figuring what to do with the remaining vulnerabilities.
@ThatSilentCoder ThatSilentCoder marked this pull request as ready for review December 19, 2024 13:34
@ThatSilentCoder
issue_863: Updated gradle plugins version again. Ready for PR. Vulner…
d470fd8 
…ability issues will be addressed in another PR. I've cut down vulnerabilities by quite a lot and I want to test the new OWASP plugin against the remaining vulnerabilities.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Place Dependencies in a Version Catalog file
1 participant
@ThatSilentCoder