Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to Spring Boot 3.4 #11318

Merged
merged 7 commits into from
Jan 13, 2025
Merged

Upgrade to Spring Boot 3.4 #11318

merged 7 commits into from
Jan 13, 2025

Conversation

gblaih
Copy link
Contributor

@gblaih gblaih commented Jan 2, 2025
edited by inodb
Loading

Address several security issues by upgrading to Spring Boot v3.4. The old image has these vulnerabilities identified by Docker Scout:

Image: master-web-shenandoah
Vulnerabilities: {
   Critical: 2
   High: 17
   Medium: 25
}

New image has this:

Image: bryan-web-shenandoah
Vulnerabilities: {
   Critical: 1
   High: 4
   Medium: 13
}

@gblaih gblaih requested a review from haynescd January 7, 2025 16:54
@gblaih gblaih force-pushed the spring-boot-upgrade-3.4 branch 3 times, most recently from 05b706a to b103c02 Compare January 9, 2025 21:36
haynescd
haynescd reviewed Jan 13, 2025
View reviewed changes
pom.xml Outdated
Comment on lines 387 to 423
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-engine-core</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.18.0</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>9.37.2</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>${bouncy_castle.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bc-fips</artifactId>
<version>2.0.0</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>${bouncy_castle.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk18on</artifactId>
<version>${bouncy_castle.version}</version>
</dependency>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gblaih Are these tests deps?

haynescd
haynescd reviewed Jan 13, 2025
View reviewed changes
pom.xml
Comment on lines +214 to +219
<exclusions>
<exclusion>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</exclusion>
</exclusions>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as below are these test deps?
test

haynescd
haynescd reviewed Jan 13, 2025
View reviewed changes
pom.xml Show resolved Hide resolved
@gblaih gblaih force-pushed the spring-boot-upgrade-3.4 branch from c419f7a to 169cba5 Compare January 13, 2025 19:57
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

haynescd
haynescd approved these changes Jan 13, 2025
View reviewed changes
Copy link
Collaborator

@haynescd haynescd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good

@haynescd haynescd merged commit 50f78d9 into cBioPortal:master Jan 13, 2025
17 of 20 checks passed
@inodb inodb changed the title Upgrade to spring boot 3.4 Upgrade to Spring Boot 3.4 Jan 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haynescd haynescd haynescd approved these changes

Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gblaih @haynescd @inodb