resolved merge conflicts

pom.xml

@@ -178,7 +178,7 @@
 			<dependency>
 				<groupId>org.slf4j</groupId>
 				<artifactId>slf4j-api</artifactId>
-				<version>1.7.3</version>
+				<version>2.0.16</version>
 			</dependency>
 
 			<dependency>
@@ -190,25 +190,25 @@
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-core</artifactId>
-				<version>2.15.0</version>
+				<version>2.17.3</version>
 			</dependency>
 
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-annotations</artifactId>
-				<version>2.15.0</version>
+				<version>2.17.3</version>
 			</dependency>
 
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-databind</artifactId>
-				<version>2.15.0</version>
+				<version>2.17.3</version>
 			</dependency>
 
 			<dependency>
 				<groupId>com.fasterxml.jackson.dataformat</groupId>
 				<artifactId>jackson-dataformat-xml</artifactId>
-				<version>2.15.0</version>
+				<version>2.17.3</version>
 			</dependency>
 
 			<dependency>
@@ -308,9 +308,9 @@
 			</dependency>
 
 			<dependency>
-				<groupId>uk.org.lidalia</groupId>
+				<groupId>com.github.valfirst</groupId>
 				<artifactId>slf4j-test</artifactId>
-				<version>1.2.0</version>
+				<version>3.0.1</version>
 			</dependency>
 
 			<dependency>
@@ -416,19 +416,19 @@
 			<dependency>
 				<groupId>ch.qos.logback</groupId>
 				<artifactId>logback-classic</artifactId>
-				<version>1.2.13</version>
+				<version>1.5.12</version>
 			</dependency>
 
 			<dependency>
 				<groupId>ch.qos.logback</groupId>
 				<artifactId>logback-core</artifactId>
-				<version>1.2.13</version>
+				<version>1.5.12</version>
 			</dependency>
 
 			<dependency>
 				<groupId>org.springdoc</groupId>
 				<artifactId>springdoc-openapi-ui</artifactId>
-				<version>1.6.6</version>
+				<version>1.7.0</version>
 			</dependency>
 
 			<dependency>
@@ -450,7 +450,7 @@
 			<dependency>
 				<groupId>org.springframework.security</groupId>
 				<artifactId>spring-security-web</artifactId>
-				<version>5.7.13</version>
+				<version>6.3.5</version>
 			</dependency>
 
 			<dependency>
@@ -462,7 +462,7 @@
 			<dependency>
 				<groupId>com.fasterxml.jackson.module</groupId>
 				<artifactId>jackson-module-jaxb-annotations</artifactId>
-				<version>2.15.0</version>
+				<version>2.17.3</version>
 			</dependency>
 
 			<dependency>

rest-api/pom.xml

@@ -18,7 +18,7 @@
 	<properties>
 		<requiredCodeCoverage>0.90</requiredCodeCoverage>
 
-		<tomcat.version>9.0.90</tomcat.version>
+		<tomcat.version>10.1.33</tomcat.version>
 		<sonar.coverage.jacoco.xmlReportPaths>${project.basedir}/../test-coverage/target/site/jacoco-aggregate/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
 		<io.rest-assured.version>4.1.2</io.rest-assured.version>
 	</properties>
@@ -28,7 +28,7 @@
 			<plugin>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
-				<version>2.7.0</version>
+				<version>3.3.6</version>
 				<executions>
 					<execution>
 						<goals>
@@ -61,7 +61,7 @@
 				<!-- Import dependency management from Spring Boot -->
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-dependencies</artifactId>
-				<version>2.5.14</version>
+				<version>3.3.6</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
@@ -112,60 +112,25 @@
 			<artifactId>logstash-logback-encoder</artifactId>
 		</dependency>
 
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+			<version>3.3.6</version>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-			<exclusions>
-				<exclusion>
-					<groupId>ch.qos.logback</groupId>
-					<artifactId>logback-classic</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.apache.logging.log4j</groupId>
-					<artifactId>log4j-api</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.apache.tomcat.embed</groupId>
-					<artifactId>tomcat-embed-core</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.apache.tomcat.embed</groupId>
-					<artifactId>tomcat-embed-el</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.apache.tomcat.embed</groupId>
-					<artifactId>tomcat-embed-websocket</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.hibernate.validator</groupId>
-					<artifactId>hibernate-validator</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.yaml</groupId>
-					<artifactId>snakeyaml</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.springframework</groupId>
-					<artifactId>spring-web</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.springframework</groupId>
-					<artifactId>spring-webmvc</artifactId>
-				</exclusion>
-			</exclusions>
-			<version>3.0.0</version>
+			<version>3.3.6</version>
 		</dependency>
-
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-web</artifactId>
-			<version>5.3.26</version>
+			<version>6.1.15</version>
 		</dependency>
-
 		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-webmvc</artifactId>
-			<version>5.3.26</version>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>6.3.5</version>
 		</dependency>
 
 		<dependency>
@@ -174,44 +139,6 @@
 			<version>2.0</version>
 		</dependency>
 
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-tomcat</artifactId>
-			<scope>provided</scope>
-			<exclusions>
-				<exclusion>
-					<groupId>org.apache.tomcat.embed</groupId>
-					<artifactId>tomcat-embed-core</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.apache.tomcat.embed</groupId>
-					<artifactId>tomcat-embed-el</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.apache.tomcat.embed</groupId>
-					<artifactId>tomcat-embed-websocket</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-
-		<dependency>
-			<groupId>org.apache.tomcat.embed</groupId>
-			<artifactId>tomcat-embed-core</artifactId>
-			<version>${tomcat.version}</version>
-		</dependency>
-
-		<dependency>
-			<groupId>org.apache.tomcat.embed</groupId>
-			<artifactId>tomcat-embed-el</artifactId>
-			<version>${tomcat.version}</version>
-		</dependency>
-
-		<dependency>
-			<groupId>org.apache.tomcat.embed</groupId>
-			<artifactId>tomcat-embed-websocket</artifactId>
-			<version>${tomcat.version}</version>
-		</dependency>
-
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-devtools</artifactId>
@@ -244,6 +171,7 @@
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-test</artifactId>
+			<version>6.1.15</version>
 			<scope>test</scope>
 			<exclusions>
 				<exclusion>
@@ -268,7 +196,7 @@
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-core</artifactId>
-			<version>5.6.9</version>
+			<version>6.3.5</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.springframework</groupId>
@@ -280,7 +208,7 @@
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-beans</artifactId>
-			<version>5.3.20</version>
+			<version>6.1.15</version>
 		</dependency>
 
 		<dependency>
@@ -295,12 +223,6 @@
 			</exclusions>
 		</dependency>
 
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-security</artifactId>
-			<version>3.1.11</version>
-		</dependency>
-
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-jwt</artifactId>
@@ -390,6 +312,7 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
+			<version>3.3.6</version>
 			<scope>test</scope>
 			<exclusions>
 				<exclusion>

rest-api/src/main/java/gov/cms/qpp/conversion/api/config/SecurityConfig.java

@@ -3,11 +3,13 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.web.bind.annotation.CrossOrigin;
 
 import gov.cms.qpp.conversion.api.security.JwtAuthorizationFilter;
 
@@ -18,37 +20,33 @@
  */
 @Configuration
 @EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+@CrossOrigin(origins="*")
+@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true)
+public class SecurityConfig {
 
-	private static final String PCF_WILDCARD = "/pcf/**";
+    private static final String PCF_WILDCARD = "/pcf/**";
 
-	@Value("${ORG_NAME:" + JwtAuthorizationFilter.DEFAULT_ORG_NAME + "}")
+    @Value("${ORG_NAME:" + JwtAuthorizationFilter.DEFAULT_ORG_NAME + "}")
 	protected String orgName;
 
 	@Value("${RTI_ORG_NAME:" + JwtAuthorizationFilter.DEFAULT_RTI_ORG + "}")
 	protected String rtiOrgName;
 
-	/**
-	 * Configures the path to be authorized by the JWT token
-	 *
-	 * @param http Object that holds configuration
-	 * @throws Exception check for any Exception that may occur
-	 */
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		http.requestMatchers().antMatchers(PCF_WILDCARD)
-			.and()
-			.authorizeRequests()
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.securityMatcher(PCF_WILDCARD)
+            .authorizeRequests()
 			.anyRequest().authenticated()
 			.and()
-			.addFilter(new JwtAuthorizationFilter(authenticationManager(), Set.of(orgName, rtiOrgName)))
-			.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-			.and().cors()
-			.and().csrf().disable()
+            .csrf(csrf -> csrf.disable())
+            .addFilterAt(new JwtAuthorizationFilter(Set.of(orgName, rtiOrgName)), BasicAuthenticationFilter.class)
+            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 			.headers(headers -> headers
 				.contentSecurityPolicy(csp -> csp
 					.policyDirectives("script-src 'self'")
 				)
-			);
-	}
+            );
+
+        return http.build();
+    }
 }

rest-api/src/main/java/gov/cms/qpp/conversion/api/logging/AttachmentHashPartConverter.java

@@ -1,7 +1,7 @@
 package gov.cms.qpp.conversion.api.logging;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.Part;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Part;
 
 import java.io.IOException;
 import java.util.Collection;