Update to Spring Boot 3 (#211)
* Upgrade Code-Base to Java 17
Upgrade Code-Base to Spring Boot 3+

* Update CI Jobs to JDK 17
Update Dependencies

* Update OWASP Suppressions

* Fix Typo
f11h authored Feb 14, 2023
1 parent 4b851c5 commit 7459015
Showing 44 changed files with 188 additions and 235 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci-dependency-check.yml
Expand Up @@ -15,7 +15,7 @@ jobs:
steps:
- uses: actions/setup-java@v2
with:
java-version: 11
java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
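Review bot: The bump to `java-version: 17` keeps `distribution: adopt`, which the setup-java documentation describes as a legacy distribution: AdoptOpenJDK moved to Eclipse Temurin and the `adopt` channel is no longer updated. For a job that runs the dependency check I would switch to `distribution: temurin` (confirm it is available for the `@v2` tag in use) so the build JDK keeps receiving security patches. The same pairing appears in ci-main.yml (three jobs), ci-openapi.yml, ci-pull-request.yml, ci-release.yml, ci-sonar.yml and codeql.yml. The steps list continues outside the hunk, so whether a later step depends on an Adopt-specific path is not visible here.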
12 changes: 6 additions & 6 deletions .github/workflows/ci-main.yml
Expand Up @@ -6,11 +6,11 @@ on:
- main
jobs:
build:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
java-version: 11
java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
Expand Down Expand Up @@ -61,11 +61,11 @@ jobs:
name: DGCG001_PRD
path: target/DGCG001_PRD*
build-docker:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
java-version: 11
java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
Expand Down Expand Up @@ -115,11 +115,11 @@ jobs:
APP_PACKAGES_USERNAME: ${{ github.actor }}
APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
license:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
java-version: 11
java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
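Review bot: The `build`, `build-docker` and `license` jobs move from the pinned `ubuntu-20.04` to `runs-on: ubuntu-latest`, a floating label whose underlying image changes whenever GitHub rolls it forward. For jobs that upload the `DGCG001_PRD` artifact and sit next to `secrets.GITHUB_TOKEN`, a pinned label such as `runs-on: ubuntu-22.04` keeps any toolchain change an explicit, reviewable commit. The same switch is made in ci-openapi.yml, ci-pull-request.yml, ci-release-notes.yml, ci-release.yml and ci-sonar.yml. Each job's step list continues outside the hunks shown.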
4 changes: 2 additions & 2 deletions .github/workflows/ci-openapi.yml
Expand Up @@ -6,11 +6,11 @@ on:
- created
jobs:
release:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
java-version: 11
java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
4 changes: 2 additions & 2 deletions .github/workflows/ci-pull-request.yml
Expand Up @@ -7,11 +7,11 @@ on:
- reopened
jobs:
build:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
java-version: 11
java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
2 changes: 1 addition & 1 deletion .github/workflows/ci-release-notes.yml
Expand Up @@ -5,7 +5,7 @@ on:
- created
jobs:
release-notes:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
4 changes: 2 additions & 2 deletions .github/workflows/ci-release.yml
Expand Up @@ -5,11 +5,11 @@ on:
- created
jobs:
release:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
java-version: 11
java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
4 changes: 2 additions & 2 deletions .github/workflows/ci-sonar.yml
Expand Up @@ -10,11 +10,11 @@ on:
- reopened
jobs:
sonar:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
java-version: 11
java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
4 changes: 2 additions & 2 deletions .github/workflows/codeql.yml
Expand Up @@ -29,10 +29,10 @@ jobs:
with:
languages: ${{ matrix.language }}

- name: Setup Java 11
- name: Setup Java
uses: actions/setup-java@v2
with:
java-version: 11
java-version: 17
distribution: adopt

- name: Build
28 changes: 14 additions & 14 deletions owasp/suppressions.xml
@@ -1,29 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes>Bug only affects not used features of embedded tomcat.</notes>
<cve>CVE-2022-23181</cve>
<notes>no YAML content from users is parsed within this service</notes>
<cve>CVE-2022-1471</cve>
</suppress>
<suppress>
<notes>False Positive</notes>
<cve>CVE-2016-1000027</cve>
<notes>Bitcoin CLI is not used by the JSON LD Lib</notes>
<cve>CVE-2021-3401</cve>
<cve>CVE-2021-31876</cve>
</suppress>
<suppress>
<notes>False Positive - Updated to newest version</notes>
<cve>CVE-2018-14335</cve>
<notes>H2 is only used for testing, not production</notes>
<cve>CVE-2022-45868</cve>
</suppress>
<suppress>
<notes>False Positive</notes>
<cve>CVE-2020-5408</cve>
<notes>False positive. CVE is matching for hutools. OWASP Check matches for json-lib</notes>
<cve>CVE-2022-45688</cve>
</suppress>
<suppress>
<notes>Only affecting example code shipped with tomcat.</notes>
<cve>CVE-2022-34305</cve>
<notes>Both CVE are matching for eclipse ide</notes>
<cve>CVE-2008-7271</cve>
<cve>CVE-2010-4647</cve>
</suppress>
<suppress>
<notes>DGCG is not using YML User Input, Bug is fixed with SnameYAML 1.32, but CVE Matcher is invalid</notes>
<cve>CVE-2022-38751</cve>
<cve>CVE-2022-38752</cve>
<notes>Still WIP</notes>
<cve>CVE-2022-41862</cve>
</suppress>

</suppressions>
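Review bot: The entry for CVE-2022-41862 carries only `<notes>Still WIP</notes>`, which records no reason why the finding is not exploitable here; because pom.xml sets `failBuildOnAnyVulnerability` to true, this suppression is what lets the build pass. This reads the second of each printed pair as the new side, since the +/- markers are lost on this page. I would either state the analysis in the note or give the entry an expiry so it resurfaces, e.g. `<suppress until="YYYY-MM-DDZ">` with a real review date filled in. The new entries also match on a bare `<cve>` with no `<packageUrl>` or `<gav>` scope, so they would hide the same CVE if it later matched a different dependency.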
97 changes: 23 additions & 74 deletions pom.xml
Expand Up @@ -5,9 +5,9 @@
<modelVersion>4.0.0</modelVersion>

<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.4</version>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-parent</artifactId>
<version>2022.0.1</version>
<relativePath/>
</parent>

Expand Down Expand Up @@ -36,32 +36,27 @@
<properties>
<packaging.format>war</packaging.format>
<!-- java -->
<java.version>11</java.version>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
<java.version>17</java.version>
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
<!-- charset -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<!-- dependencies -->
<owasp.version>7.1.2</owasp.version>
<spring.security.version>5.7.3</spring.security.version>
<lombok.version>1.18.24</lombok.version>
<liquibase.version>4.17.0</liquibase.version>
<springdoc.version>1.6.11</springdoc.version>
<mapstruct.version>1.5.2.Final</mapstruct.version>
<bcpkix.version>1.70</bcpkix.version>
<semver4j.version>3.1.0</semver4j.version>
<dgclib.version>2.0.0</dgclib.version>
<owasp.version>8.0.2</owasp.version>
<springdoc.version>1.6.14</springdoc.version>
<mapstruct.version>1.5.3.Final</mapstruct.version>
<bcpkix.version>1.72</bcpkix.version>
<semver4j.version>4.1.1</semver4j.version>
<json-schema.version>1.14.1</json-schema.version>
<shedlock.version>4.42.0</shedlock.version>
<spring.cloud.version>2021.0.4</spring.cloud.version>
<h2.version>2.1.214</h2.version>
<dgc.lib.version>1.3.2</dgc.lib.version>
<shedlock.version>5.1.0</shedlock.version>
<!-- plugins -->
<plugin.maven-assembly.version>3.4.2</plugin.maven-assembly.version>
<plugin.checkstyle.version>3.2.0</plugin.checkstyle.version>
<plugin.checkstyle.version>3.2.1</plugin.checkstyle.version>
<plugin.sonar.version>3.9.1.2184</plugin.sonar.version>
<plugin.jacoco.version>0.8.8</plugin.jacoco.version>
<plugin.os-maven.version>1.7.0</plugin.os-maven.version>
<plugin.os-maven.version>1.7.1</plugin.os-maven.version>
<!-- license -->
<license.projectName>EU Digital Green Certificate Gateway Service / dgc-gateway</license.projectName>
<license.inceptionYear>2021</license.inceptionYear>
Expand Down Expand Up @@ -132,26 +127,14 @@
</repository>
</distributionManagement>

<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring.cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>

<dependencies>
<dependency>
<groupId>eu.europa.ec.dgc</groupId>
<artifactId>dgc-lib</artifactId>
<version>${dgc.lib.version}</version>
<version>${dgclib.version}</version>
</dependency>
<dependency>
<groupId>com.vdurmont</groupId>
<groupId>org.semver4j</groupId>
<artifactId>semver4j</artifactId>
<version>${semver4j.version}</version>
</dependency>
Expand All @@ -161,28 +144,12 @@
<version>${json-schema.version}</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>[1.33,)</version>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>[2.13.4.2,)</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
Expand Down Expand Up @@ -226,17 +193,6 @@
<dependency>
<groupId>org.liquibase</groupId>
<artifactId>liquibase-core</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
<version>[1.10.0,)</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
Expand All @@ -251,7 +207,6 @@
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>${h2.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
Expand All @@ -261,13 +216,12 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>${bcpkix.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>net.javacrumbs.shedlock</groupId>
Expand All @@ -284,11 +238,6 @@
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${plugin.checkstyle.version}</version>
</plugin>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
Expand Down Expand Up @@ -334,14 +283,14 @@
<configuration>
<suppressionFile>./owasp/suppressions.xml</suppressionFile>
<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${project.parent.version}</version>
<configuration>
<profiles>dev</profiles>
<profiles>dev,log2console</profiles>
<wait>5000</wait>
<maxAttempts>30</maxAttempts>
</configuration>
Expand Down Expand Up @@ -369,10 +318,10 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${plugin.checkstyle.version}</version>
<configuration>
<configLocation>codestyle/checkstyle.xml</configLocation>
<excludes>target/**/*</excludes>
<encoding>UTF-8</encoding>
<consoleOutput>true</consoleOutput>
<failsOnError>true</failsOnError>
<violationSeverity>warning</violationSeverity>
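Review bot: The `com.h2database:h2` dependency keeps `<scope>runtime</scope>` although owasp/suppressions.xml in this commit suppresses CVE-2022-45868 on the grounds that H2 is only used for testing. With runtime scope the jar is normally packaged into the war, so the stated justification does not match the build as shown. If H2 really is test-only, `<scope>test</scope>` would make the note true and would likely make the suppression unnecessary. If the `dev` profile needs H2 at run time, the suppression note should say that instead. The dependency list continues outside the hunks shown, so other uses of H2 are not visible here.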
Expand Up @@ -21,7 +21,7 @@
package eu.europa.ec.dgc.gateway.client;

import eu.europa.ec.dgc.gateway.model.JrcRatValuesetResponse;
import javax.validation.Valid;
import jakarta.validation.Valid;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.http.MediaType;
import org.springframework.validation.annotation.Validated;