Merge branch 'master' into feature/aws-china

build.gradle

@@ -40,7 +40,7 @@ buildscript {
   }
 
   dependencies {
-    classpath "org.owasp:dependency-check-gradle:5.2.4"
+    classpath "org.owasp:dependency-check-gradle:5.3.2"
     classpath "com.github.spotbugs:spotbugs-gradle-plugin:3.0.0"
     classpath 'com.netflix.spinnaker.gradle:spinnaker-dev-plugin:7.1.2'
     classpath "com.jfrog.bintray.gradle:gradle-bintray-plugin:1.8.4"

cerberus-api-tests/cerberus-api-tests.gradle

@@ -21,10 +21,15 @@ repositories {
   jcenter()
 }
 
+configurations.all {
+  resolutionStrategy {
+    force 'org.apache.ant:ant:1.10.8'
+  }
+}
 dependencies {
   compile project(':cerberus-core').sourceSets.test.output
-  compile group: 'org.testng', name: 'testng', version: '7.1.0'
-  compile 'junit:junit:4.12'
+  compile group: 'org.testng', name: 'testng', version: '7.3.0'
+  compile 'junit:junit:4.13'
   compile 'org.slf4j:slf4j-api:1.7.21'
   compile group: 'org.codehaus.groovy', name: 'groovy-all', version: '2.5.12'
   compile 'io.rest-assured:rest-assured:4.1.2'

cerberus-core/cerberus-core.gradle

@@ -39,3 +39,10 @@ dependencies {
 
   api group: 'com.google.guava', name: 'guava', version: '28.1-jre'
 }
+
+configurations.all {
+  resolutionStrategy {
+    force "org.jetbrains.kotlin:kotlin-stdlib-common:1.4.0-rc"
+    force "org.jetbrains.kotlin:kotlin-stdlib:1.4.0-rc"
+  }
+}

cerberus-dashboard/package.json

@@ -12,7 +12,8 @@
     "start": "react-scripts start",
     "build": "react-scripts build && rm -rf dist && mv build dist",
     "test": "react-scripts test --env=jsdom",
-    "logs": "multitail logs/*"
+    "logs": "multitail logs/*",
+    "preinstall": "npx npm-force-resolutions"
   },
   "author": "Justin Field <justin.field@nike.com>",
   "license": "Apache-2.0",
@@ -22,7 +23,7 @@
     "downloadjs": "1.4.7",
     "humps": "1.1.0",
     "loglevel": "1.4.1",
-    "node-sass": "^4.13.1",
+    "node-sass": "^4.14.1",
     "prop-types": "15.5.9",
     "react": "15.6.2",
     "react-addons-create-fragment": "15.6.2",
@@ -50,7 +51,7 @@
     "eslint-loader": "1.3.0",
     "eslint-plugin-react": "5.2.2",
     "estraverse-fb": "1.3.1",
-    "react-scripts": "^3.4.0",
+    "react-scripts": "^3.4.2",
     "redux-devtools": "3.3.1"
   },
   "browserslist": {
@@ -64,5 +65,14 @@
       "last 1 firefox version",
       "last 1 safari version"
     ]
+  },
+  "resolutions": {
+    "yargs-parser": "13.1.2",
+    "serialize-javascript": "4.0.0"
+  },
+  "comments:": {
+    "resolutions": {
+      "yargs-parser": "React scripts 3.4.1 pulls in yargs-parser 11.1.1 which is vulnerable, we are forcing to 13.1.2 to resolve this vulnerablity"
+    }
   }
 }

dependency-check-supressions.xml

@@ -83,4 +83,25 @@
         <packageUrl regex="true">^pkg:maven/org\.dom4j/dom4j@.*$</packageUrl>
         <cve>CVE-2020-10683</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+            file name: websocket-extensions:0.1.4
+   ]]></notes>
+        <packageUrl regex="true">^pkg:npm/websocket\-extensions@.*$</packageUrl>
+        <vulnerabilityName>CVE-2020-7663</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: kotlin-stdlib-1.3.72.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$</packageUrl>
+        <cve>CVE-2020-15824</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: kotlin-stdlib-common-1.3.72.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$</packageUrl>
+        <cve>CVE-2020-15824</cve>
+    </suppress>
 </suppressions>

gradle.properties

@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 
-version=4.6.0
+version=4.6.2
 group=com.nike.cerberus
 springBootVersion=2.3.2.RELEASE