From 942b7a047e9ad3f46fccdf79fe27f11097204191 Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Tue, 9 Sep 2025 12:00:44 +0200
Subject: [PATCH] dependency-version-upgrade to spring-boot-3.5.5 and others (#196)
Co-authored-by: Michael Hoennig
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/196
---
 build.gradle.kts | 30 ++++++++++++----------
 etc/owasp-dependency-check-suppression.xml | 2 ++
 src/main/resources/application.yml | 4 ++-
 3 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index fa472119..22c1b07a 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -27,7 +27,7 @@ import java.io.FileOutputStream
 plugins {
 java
- id("org.springframework.boot") version "3.4.4"
+ id("org.springframework.boot") version "3.5.5"
 id("io.spring.dependency-management") version "1.1.7" // manages implicit dependencies
 id("io.openapiprocessor.openapi-processor") version "2023.2" // generates Controller-interface and resources from API-spec
 id("com.github.jk1.dependency-license-report") version "2.9" // checks dependency-license compatibility
@@ -93,16 +93,16 @@ dependencies {
 implementation("org.springframework.boot:spring-boot-starter-actuator")
 implementation("org.springframework.boot:spring-boot-starter-security")
 implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
- implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.6")
- implementation("com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.11.0")
+ implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.11")
+ implementation("com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.12.0")
 implementation("org.postgresql:postgresql")
 implementation("org.liquibase:liquibase-core")
- implementation("io.hypersistence:hypersistence-utils-hibernate-63:3.9.9")
+ implementation("io.hypersistence:hypersistence-utils-hibernate-63:3.10.3")
 implementation("com.fasterxml.jackson.datatype:jackson-datatype-jsr310")
- implementation("org.openapitools:jackson-databind-nullable:0.2.6")
- implementation("org.apache.commons:commons-text:1.13.0")
+ implementation("org.openapitools:jackson-databind-nullable:0.2.7")
+ implementation("org.apache.commons:commons-text:1.14.0")
 implementation("net.java.dev.jna:jna:5.17.0")
- implementation("org.modelmapper:modelmapper:3.2.2")
+ implementation("org.modelmapper:modelmapper:3.2.4")
 implementation("org.iban4j:iban4j:3.2.11-RELEASE")
 implementation("org.reflections:reflections:0.10.2")
@@ -119,12 +119,12 @@ dependencies {
 testImplementation("org.testcontainers:junit-jupiter")
 testImplementation("org.junit.jupiter:junit-jupiter")
 testImplementation("org.testcontainers:postgresql")
- testImplementation("com.tngtech.archunit:archunit-junit5:1.4.0")
+ testImplementation("com.tngtech.archunit:archunit-junit5:1.4.1")
 testImplementation("io.rest-assured:spring-mock-mvc")
 testImplementation("org.hamcrest:hamcrest-core")
- testImplementation("org.pitest:pitest-junit5-plugin:1.2.2")
+ testImplementation("org.pitest:pitest-junit5-plugin:1.2.3")
 testImplementation("org.junit.jupiter:junit-jupiter-api")
- testImplementation("org.wiremock:wiremock-standalone:3.12.1")
+ testImplementation("org.wiremock:wiremock-standalone:3.13.1")
 }
 // Configure dependency management using the extension
@@ -132,6 +132,10 @@ configure {
 imports {
 mavenBom("org.testcontainers:testcontainers-bom:$testcontainersVersion")
 }
+ dependencies {
+ // TODO.version: remove once the BOM does'nt use the vulnerable verison 3.17.0 anymore
+ dependency("org.apache.commons:commons-lang3:3.18.0")
+ }
 }
 // Java Compiler Options
@@ -349,7 +353,7 @@ tasks.named("jacocoTestReport") {
 dependsOn(tasks.named("test")) // Depends on the main test task
 dependsOn(tasks.named("compileJava")) // Add explicit dependency on compileJava
 dependsOn(tasks.named("openApiGenerate")) // Add explicit dependency on openApiGenerate
-
+
 reports {
 xml.required.set(true) // Common requirement for CI/CD
 csv.required.set(false)
@@ -545,8 +549,8 @@ configure {
 // pitestVersion.set("1.17.0") // If Property
 // junit5PluginVersion.set("1.1.0") // If Property
 // Otherwise, direct assignment might work if the extension allows it, or check plugin docs.
- pitestVersion = "1.17.0" // Assuming direct assignment works
- junit5PluginVersion = "1.1.0" // Assuming direct assignment works
+ pitestVersion = "1.20.2" // Assuming direct assignment works
+ junit5PluginVersion = "1.2.3" // Assuming direct assignment works
 threads.set(4)
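Review bot: The `dependency("org.apache.commons:commons-lang3:3.18.0")` override added in the `@@ -132,6 +132,10 @@` hunk is a fixed pin, so it will presumably keep commons-lang3 at 3.18.0 even after the BOM moves to a newer release, and nothing in the build signals when the TODO is due. The comment above it has two typos and names neither the affected artifact nor the advisory, which makes the override hard to audit later. I would write it as `// TODO.version: remove once the BOM no longer manages the vulnerable commons-lang3 3.17.0 (advisory: <ADVISORY-ID>)` and confirm with `./gradlew dependencyInsight --dependency commons-lang3` that no configuration still resolves 3.17.0. The enclosing `configure { … }` block starts outside the hunk.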
diff --git a/etc/owasp-dependency-check-suppression.xml b/etc/owasp-dependency-check-suppression.xml
index a55b90e4..50eb7cf7 100644
--- a/etc/owasp-dependency-check-suppression.xml
+++ b/etc/owasp-dependency-check-suppression.xml
@@ -3,6 +3,8 @@ ^pkg:maven/org\.pitest/pitest\-command\-line@.*$ cpe:/a:line:line
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 0b28d5d2..e2ab281f 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -75,7 +75,9 @@ metrics:
 # HOWTO set logging-levels for certain Java packages (trace, debug, info, warn, error)
 logging:
 level:
- org.springframework.security: info
+# org.springframework.security: info
+# org.hibernate.SQL: DEBUG # Enable SQL query logging
+# org.hibernate.orm.jdbc.bind: TRACE # Enable SQL parameter binding logging
 # org.springframework.web: DEBUG
 # org.springframework.web.method.annotation: DEBUG
 # org.springframework.validation: DEBUG
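Review bot: The commented hint `# org.hibernate.orm.jdbc.bind: TRACE` added in the `application.yml` hunk describes a setting that writes bound SQL parameter values to the log, which can include personal data or credentials, and the HOWTO does not say so. I would extend the comment to `# org.hibernate.orm.jdbc.bind: TRACE # logs bound SQL parameter values (may contain sensitive data); local debugging only`. Separately, with `org.springframework.security: info` commented out, `level:` appears to have no active child key left in the visible lines, so it is worth checking that the file still loads and binds `logging.level` cleanly. The `logging:` block continues outside the hunk.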