P4ADEV-2136 fix CVE

pagopa · Feb 24, 2025 · 7cc160b · 7cc160b
1 parent 2291333
commit 7cc160b
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 80 deletions.
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -49,7 +49,7 @@ jobs:
           sarif_file: 'results.sarif'
       - name: CVE Description escaped extraction and print
         run: |
-          SCAN_RESULTS=$(jq -r 'try .runs[0].tool.driver.rules | map(.help.text) | join("\\n")' results.sarif)
+          SCAN_RESULTS=$(jq -r 'try .runs[0].tool.driver.rules | try map(.shortDescription.text) | join("\\n")' results.sarif)
           echo "CVE_CRITICAL=$(echo $SCAN_RESULTS | grep -o CRITICAL | wc -l)" >> $GITHUB_ENV
           echo "CVE_HIGH=$(echo $SCAN_RESULTS | grep -o HIGH | wc -l)" >> $GITHUB_ENV
           echo "CVE_MEDIUM=$(echo $SCAN_RESULTS | grep -o MEDIUM | wc -l)" >> $GITHUB_ENV

diff --git a/Dockerfile b/Dockerfile
@@ -3,11 +3,11 @@
 #
 # 🎯 Version Management
 #
-ARG CORRETTO_VERSION="21-alpine3.20"
-ARG CORRETTO_SHA="8b16834e7fabfc62d4c8faa22de5df97f99627f148058d52718054aaa4ea3674"
+ARG CORRETTO_VERSION="¸"
+ARG CORRETTO_SHA="1b53a05c5693b5452a0c41a39b1fa3b8e7d77aa37f325acc378b7928bc1d8253"
 ARG GRADLE_VERSION="8.10.2"
 ARG GRADLE_DOWNLOAD_SHA256="31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26"
-ARG APPINSIGHTS_VERSION="3.6.2"
+ARG APPINSIGHTS_VERSION="3.7.0"
 
 # 🌍 Timezone Configuration
 ARG TZ="Europe/Rome"

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -1,6 +1,6 @@
 plugins {
 	java
-	id("org.springframework.boot") version "3.4.1"
+	id("org.springframework.boot") version "3.4.3"
 	id("io.spring.dependency-management") version "1.1.7"
 	jacoco
 	id("org.sonarqube") version "6.0.1.5171"
@@ -30,16 +30,16 @@ repositories {
 	mavenCentral()
 }
 
-val springDocOpenApiVersion = "2.7.0"
+val springDocOpenApiVersion = "2.8.5"
 val janinoVersion = "3.1.12"
 val openApiToolsVersion = "0.2.6"
-val javaJwtVersion = "4.4.0"
+val javaJwtVersion = "4.5.0"
 val jwksRsaVersion = "0.22.1"
-val nimbusJoseJwtVersion = "9.48"
+val nimbusJoseJwtVersion = "10.0.1"
 val jjwtVersion = "0.12.6"
-val wiremockVersion = "3.10.0"
-val bouncycastleVersion = "1.79"
-val micrometerVersion = "1.4.1"
+val wiremockVersion = "3.12.0"
+val bouncycastleVersion = "1.80"
+val micrometerVersion = "1.4.3"
 val caffeineVersion = "3.2.0"
 
 dependencies {

diff --git a/gradle.lockfile b/gradle.lockfile
@@ -2,9 +2,9 @@
 # Manual edits can break the build and are not advised.
 # This file is expected to be part of source control.
 aopalliance:aopalliance:1.0=compileClasspath
-ch.qos.logback:logback-classic:1.5.12=compileClasspath
-ch.qos.logback:logback-core:1.5.12=compileClasspath
-com.auth0:java-jwt:4.4.0=compileClasspath
+ch.qos.logback:logback-classic:1.5.16=compileClasspath
+ch.qos.logback:logback-core:1.5.16=compileClasspath
+com.auth0:java-jwt:4.5.0=compileClasspath
 com.auth0:jwks-rsa:0.22.1=compileClasspath
 com.fasterxml.jackson.core:jackson-annotations:2.18.2=compileClasspath
 com.fasterxml.jackson.core:jackson-core:2.18.2=compileClasspath
@@ -17,25 +17,25 @@ com.fasterxml.jackson:jackson-bom:2.18.2=compileClasspath
 com.fasterxml:classmate:1.7.0=compileClasspath
 com.github.ben-manes.caffeine:caffeine:3.2.0=compileClasspath
 com.google.errorprone:error_prone_annotations:2.36.0=compileClasspath
-com.nimbusds:nimbus-jose-jwt:9.48=compileClasspath
+com.nimbusds:nimbus-jose-jwt:10.0.1=compileClasspath
 io.jsonwebtoken:jjwt-api:0.12.6=compileClasspath
 io.jsonwebtoken:jjwt:0.12.6=compileClasspath
-io.lettuce:lettuce-core:6.4.1.RELEASE=compileClasspath
+io.lettuce:lettuce-core:6.4.2.RELEASE=compileClasspath
 io.micrometer:context-propagation:1.1.2=compileClasspath
-io.micrometer:micrometer-commons:1.14.2=compileClasspath
-io.micrometer:micrometer-core:1.14.2=compileClasspath
-io.micrometer:micrometer-jakarta9:1.14.2=compileClasspath
-io.micrometer:micrometer-observation:1.14.2=compileClasspath
-io.micrometer:micrometer-registry-prometheus:1.14.2=compileClasspath
-io.micrometer:micrometer-tracing-bridge-otel:1.4.1=compileClasspath
-io.micrometer:micrometer-tracing:1.4.1=compileClasspath
-io.netty:netty-buffer:4.1.116.Final=compileClasspath
-io.netty:netty-codec:4.1.116.Final=compileClasspath
-io.netty:netty-common:4.1.116.Final=compileClasspath
-io.netty:netty-handler:4.1.116.Final=compileClasspath
-io.netty:netty-resolver:4.1.116.Final=compileClasspath
-io.netty:netty-transport-native-unix-common:4.1.116.Final=compileClasspath
-io.netty:netty-transport:4.1.116.Final=compileClasspath
+io.micrometer:micrometer-commons:1.14.4=compileClasspath
+io.micrometer:micrometer-core:1.14.4=compileClasspath
+io.micrometer:micrometer-jakarta9:1.14.4=compileClasspath
+io.micrometer:micrometer-observation:1.14.4=compileClasspath
+io.micrometer:micrometer-registry-prometheus:1.14.4=compileClasspath
+io.micrometer:micrometer-tracing-bridge-otel:1.4.3=compileClasspath
+io.micrometer:micrometer-tracing:1.4.3=compileClasspath
+io.netty:netty-buffer:4.1.118.Final=compileClasspath
+io.netty:netty-codec:4.1.118.Final=compileClasspath
+io.netty:netty-common:4.1.118.Final=compileClasspath
+io.netty:netty-handler:4.1.118.Final=compileClasspath
+io.netty:netty-resolver:4.1.118.Final=compileClasspath
+io.netty:netty-transport-native-unix-common:4.1.118.Final=compileClasspath
+io.netty:netty-transport:4.1.118.Final=compileClasspath
 io.opentelemetry.instrumentation:opentelemetry-instrumentation-api-incubator:2.9.0-alpha=compileClasspath
 io.opentelemetry.instrumentation:opentelemetry-instrumentation-api:2.9.0=compileClasspath
 io.opentelemetry.semconv:opentelemetry-semconv:1.25.0-alpha=compileClasspath
@@ -47,25 +47,25 @@ io.opentelemetry:opentelemetry-sdk-logs:1.43.0=compileClasspath
 io.opentelemetry:opentelemetry-sdk-metrics:1.43.0=compileClasspath
 io.opentelemetry:opentelemetry-sdk-trace:1.43.0=compileClasspath
 io.opentelemetry:opentelemetry-sdk:1.43.0=compileClasspath
-io.projectreactor:reactor-core:3.7.1=compileClasspath
-io.prometheus:prometheus-metrics-config:1.3.5=compileClasspath
-io.prometheus:prometheus-metrics-core:1.3.5=compileClasspath
-io.prometheus:prometheus-metrics-model:1.3.5=compileClasspath
-io.prometheus:prometheus-metrics-tracer-common:1.3.5=compileClasspath
-io.swagger.core.v3:swagger-annotations-jakarta:2.2.25=compileClasspath
-io.swagger.core.v3:swagger-core-jakarta:2.2.25=compileClasspath
-io.swagger.core.v3:swagger-models-jakarta:2.2.25=compileClasspath
+io.projectreactor:reactor-core:3.7.3=compileClasspath
+io.prometheus:prometheus-metrics-config:1.3.6=compileClasspath
+io.prometheus:prometheus-metrics-core:1.3.6=compileClasspath
+io.prometheus:prometheus-metrics-model:1.3.6=compileClasspath
+io.prometheus:prometheus-metrics-tracer-common:1.3.6=compileClasspath
+io.swagger.core.v3:swagger-annotations-jakarta:2.2.28=compileClasspath
+io.swagger.core.v3:swagger-core-jakarta:2.2.28=compileClasspath
+io.swagger.core.v3:swagger-models-jakarta:2.2.28=compileClasspath
 jakarta.activation:jakarta.activation-api:2.1.3=compileClasspath
 jakarta.annotation:jakarta.annotation-api:2.1.1=compileClasspath
 jakarta.validation:jakarta.validation-api:3.0.2=compileClasspath
 jakarta.xml.bind:jakarta.xml.bind-api:4.0.2=compileClasspath
 org.apache.commons:commons-lang3:3.17.0=compileClasspath
 org.apache.logging.log4j:log4j-api:2.24.3=compileClasspath
 org.apache.logging.log4j:log4j-to-slf4j:2.24.3=compileClasspath
-org.apache.tomcat.embed:tomcat-embed-core:10.1.34=compileClasspath
-org.apache.tomcat.embed:tomcat-embed-el:10.1.34=compileClasspath
-org.apache.tomcat.embed:tomcat-embed-websocket:10.1.34=compileClasspath
-org.bouncycastle:bcprov-jdk18on:1.79=compileClasspath
+org.apache.tomcat.embed:tomcat-embed-core:10.1.36=compileClasspath
+org.apache.tomcat.embed:tomcat-embed-el:10.1.36=compileClasspath
+org.apache.tomcat.embed:tomcat-embed-websocket:10.1.36=compileClasspath
+org.bouncycastle:bcprov-jdk18on:1.80=compileClasspath
 org.codehaus.janino:commons-compiler:3.1.12=compileClasspath
 org.codehaus.janino:janino:3.1.12=compileClasspath
 org.hibernate.validator:hibernate-validator:8.0.2.Final=compileClasspath
@@ -79,44 +79,44 @@ org.projectlombok:lombok:1.18.36=compileClasspath
 org.reactivestreams:reactive-streams:1.0.4=compileClasspath
 org.slf4j:jul-to-slf4j:2.0.16=compileClasspath
 org.slf4j:slf4j-api:2.0.16=compileClasspath
-org.springdoc:springdoc-openapi-starter-common:2.7.0=compileClasspath
-org.springdoc:springdoc-openapi-starter-webmvc-api:2.7.0=compileClasspath
-org.springdoc:springdoc-openapi-starter-webmvc-ui:2.7.0=compileClasspath
-org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-actuator:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-autoconfigure:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-actuator:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-cache:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-data-mongodb:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-data-redis:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-json:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-logging:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-security:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-tomcat:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-validation:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter-web:3.4.1=compileClasspath
-org.springframework.boot:spring-boot-starter:3.4.1=compileClasspath
-org.springframework.boot:spring-boot:3.4.1=compileClasspath
-org.springframework.data:spring-data-commons:3.4.1=compileClasspath
-org.springframework.data:spring-data-keyvalue:3.4.1=compileClasspath
-org.springframework.data:spring-data-mongodb:4.4.1=compileClasspath
-org.springframework.data:spring-data-redis:3.4.1=compileClasspath
-org.springframework.security:spring-security-config:6.4.2=compileClasspath
-org.springframework.security:spring-security-core:6.4.2=compileClasspath
-org.springframework.security:spring-security-crypto:6.4.2=compileClasspath
-org.springframework.security:spring-security-web:6.4.2=compileClasspath
-org.springframework:spring-aop:6.2.1=compileClasspath
-org.springframework:spring-beans:6.2.1=compileClasspath
-org.springframework:spring-context-support:6.2.1=compileClasspath
-org.springframework:spring-context:6.2.1=compileClasspath
-org.springframework:spring-core:6.2.1=compileClasspath
-org.springframework:spring-expression:6.2.1=compileClasspath
-org.springframework:spring-jcl:6.2.1=compileClasspath
-org.springframework:spring-oxm:6.2.1=compileClasspath
-org.springframework:spring-tx:6.2.1=compileClasspath
-org.springframework:spring-web:6.2.1=compileClasspath
-org.springframework:spring-webmvc:6.2.1=compileClasspath
-org.webjars:swagger-ui:5.18.2=compileClasspath
+org.springdoc:springdoc-openapi-starter-common:2.8.5=compileClasspath
+org.springdoc:springdoc-openapi-starter-webmvc-api:2.8.5=compileClasspath
+org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.5=compileClasspath
+org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-actuator:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-autoconfigure:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-actuator:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-cache:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-data-mongodb:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-data-redis:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-json:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-logging:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-security:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-tomcat:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-validation:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter-web:3.4.3=compileClasspath
+org.springframework.boot:spring-boot-starter:3.4.3=compileClasspath
+org.springframework.boot:spring-boot:3.4.3=compileClasspath
+org.springframework.data:spring-data-commons:3.4.3=compileClasspath
+org.springframework.data:spring-data-keyvalue:3.4.3=compileClasspath
+org.springframework.data:spring-data-mongodb:4.4.3=compileClasspath
+org.springframework.data:spring-data-redis:3.4.3=compileClasspath
+org.springframework.security:spring-security-config:6.4.3=compileClasspath
+org.springframework.security:spring-security-core:6.4.3=compileClasspath
+org.springframework.security:spring-security-crypto:6.4.3=compileClasspath
+org.springframework.security:spring-security-web:6.4.3=compileClasspath
+org.springframework:spring-aop:6.2.3=compileClasspath
+org.springframework:spring-beans:6.2.3=compileClasspath
+org.springframework:spring-context-support:6.2.3=compileClasspath
+org.springframework:spring-context:6.2.3=compileClasspath
+org.springframework:spring-core:6.2.3=compileClasspath
+org.springframework:spring-expression:6.2.3=compileClasspath
+org.springframework:spring-jcl:6.2.3=compileClasspath
+org.springframework:spring-oxm:6.2.3=compileClasspath
+org.springframework:spring-tx:6.2.3=compileClasspath
+org.springframework:spring-web:6.2.3=compileClasspath
+org.springframework:spring-webmvc:6.2.3=compileClasspath
+org.webjars:swagger-ui:5.18.3=compileClasspath
 org.webjars:webjars-locator-lite:1.0.1=compileClasspath
 org.yaml:snakeyaml:2.3=compileClasspath
 empty=