Merge pull request #5 from catenax-ng/spring-security-web-update

Spring security web update
catenax-ng · Apr 25, 2023 · 2840531 · 2840531
2 parents 4f6d5c3 + ead9e40
commit 2840531
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 NA
 
+## [0.1.8] - 2023-04-24
+
+### Fixed
+- Fixed spring security web veracode security by upgrading its version to 6.0.3
+
 ## [0.1.7] - 2023-04-19
 
 ### Changed

diff --git a/DEPENDENCIES b/DEPENDENCIES
@@ -10,16 +10,16 @@ maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2
 maven/mavencentral/com.fasterxml/classmate/1.5.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.jayway.jsonpath/json-path/2.7.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.vaadin.external.google/android-json/0.0.20131108.vaadin1, Apache-2.0, approved, CQ21310
-maven/mavencentral/io.github.classgraph/classgraph/4.8.138, MIT, approved, CQ22530
+maven/mavencentral/io.github.classgraph/classgraph/4.8.149, MIT, approved, CQ22530
 maven/mavencentral/io.github.openfeign.form/feign-form-spring/3.8.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.github.openfeign.form/feign-form/3.8.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.github.openfeign/feign-core/12.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.github.openfeign/feign-slf4j/12.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.micrometer/micrometer-commons/1.10.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #7333
 maven/mavencentral/io.micrometer/micrometer-observation/1.10.5, Apache-2.0, approved, #7331
-maven/mavencentral/io.swagger.core.v3/swagger-annotations/2.1.12, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.swagger.core.v3/swagger-core/2.1.12, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.swagger.core.v3/swagger-models/2.1.12, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.8, Apache-2.0, approved, #5947
+maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.8, Apache-2.0, approved, #5929
+maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.8, Apache-2.0, approved, #5919
 maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
 maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, clearlydefined
@@ -33,7 +33,7 @@ maven/mavencentral/org.apache.logging.log4j/log4j-api/2.19.0, Apache-2.0, approv
 maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.19.0, Apache-2.0, approved, #5941
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.7, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.7, Apache-2.0, approved, #6997
-maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.7, Apache-2.0, approved, #7920
 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.aspectj/aspectjweaver/1.9.19, EPL-1.0, approved, tools.aspectj
 maven/mavencentral/org.assertj/assertj-core/3.23.1, Apache-2.0, approved, clearlydefined
@@ -59,9 +59,9 @@ maven/mavencentral/org.projectlombok/lombok/1.18.26, MIT AND LicenseRef-Public-D
 maven/mavencentral/org.skyscreamer/jsonassert/1.5.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.7, MIT, approved, #7698
 maven/mavencentral/org.slf4j/slf4j-api/2.0.7, MIT, approved, #5915
-maven/mavencentral/org.springdoc/springdoc-openapi-common/1.6.6, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springdoc/springdoc-openapi-ui/1.6.6, Apache-2.0, approved, #4347
-maven/mavencentral/org.springdoc/springdoc-openapi-webmvc-core/1.6.6, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.0.4, Apache-2.0, approved, #5920
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.0.4, Apache-2.0, approved, #5950
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.0.4, Apache-2.0, approved, #5923
 maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.0.5, Apache-2.0, approved, #6981
 maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.0.5, Apache-2.0, approved, #6965
 maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.0.5, Apache-2.0, approved, #7006
@@ -80,8 +80,10 @@ maven/mavencentral/org.springframework.cloud/spring-cloud-context/4.0.1, Apache-
 maven/mavencentral/org.springframework.cloud/spring-cloud-openfeign-core/4.0.1, Apache-2.0, approved, #7305
 maven/mavencentral/org.springframework.cloud/spring-cloud-starter-openfeign/4.0.1, Apache-2.0, approved, #7302
 maven/mavencentral/org.springframework.cloud/spring-cloud-starter/4.0.1, Apache-2.0, approved, #7299
+maven/mavencentral/org.springframework.security/spring-security-core/6.0.2, Apache-2.0, approved, #7325
 maven/mavencentral/org.springframework.security/spring-security-crypto/6.0.2, Apache-2.0 AND ISC, approved, #7326
 maven/mavencentral/org.springframework.security/spring-security-rsa/1.0.11.RELEASE, Apache-2.0, approved, CQ20647
+maven/mavencentral/org.springframework.security/spring-security-web/6.0.3, Apache-2.0, approved, #7328
 maven/mavencentral/org.springframework/spring-aop/6.0.7, Apache-2.0, approved, #5940
 maven/mavencentral/org.springframework/spring-beans/6.0.7, Apache-2.0, approved, #5937
 maven/mavencentral/org.springframework/spring-context/6.0.7, Apache-2.0, approved, #5936
@@ -94,7 +96,7 @@ maven/mavencentral/org.springframework/spring-webmvc/6.0.7, Apache-2.0, approved
 maven/mavencentral/org.thymeleaf/thymeleaf-spring6/3.1.1.RELEASE, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.thymeleaf/thymeleaf/3.1.1.RELEASE, Apache-2.0, approved, CQ23960
 maven/mavencentral/org.unbescape/unbescape/1.1.6.RELEASE, Apache-2.0, approved, CQ18904
-maven/mavencentral/org.webjars/swagger-ui/4.5.0, Apache-2.0, approved, #2379
+maven/mavencentral/org.webjars/swagger-ui/4.18.1, Apache-2.0, approved, #7850
 maven/mavencentral/org.webjars/webjars-locator-core/0.52, MIT, approved, clearlydefined
 maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272
 maven/mavencentral/org.yaml/snakeyaml/2.0, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #7275
diff --git a/README.md b/README.md
@@ -10,8 +10,8 @@ This service will help for testing the connectors and also can be used for healt
 
 ### Software Version
 ```shell
-Latest Helm version is v0.1.7
-Latest Application version is v0.1.7
+Latest Helm version is v0.1.8
+Latest Application version is v0.1.8
 ```
 ### How to run
 

diff --git a/charts/data-exchange/Chart.yaml b/charts/data-exchange/Chart.yaml
@@ -38,11 +38,11 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.7
+version: 0.1.8
 
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 0.1.7
+appVersion: 0.1.8
diff --git a/charts/data-exchange/README.md b/charts/data-exchange/README.md
@@ -1,6 +1,6 @@
 # data-exchange
 
-![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.7](https://img.shields.io/badge/AppVersion-0.1.7-informational?style=flat-square)
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.8](https://img.shields.io/badge/AppVersion-0.1.8-informational?style=flat-square)
 
 Data exchange service is used to exchange the data between connectors
 

diff --git a/pom.xml b/pom.xml
@@ -10,7 +10,7 @@
 	</parent>
 	<groupId>org.connector</groupId>
 	<artifactId>e2etestservice</artifactId>
-	<version>0.1.6</version>
+	<version>0.1.8</version>
 	<name>e2etestservice</name>
 	<description>End to end data exchange test service</description>
 	<properties>
@@ -87,6 +87,11 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-validation</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<version>6.0.3</version>
+		</dependency>
 	</dependencies>
 
 	<dependencyManagement>