From 23789f5265f9c525eeffbde84d6de8ea4ce0fe33 Mon Sep 17 00:00:00 2001 From: Felix Dittrich Date: Tue, 31 Jan 2023 18:39:17 +0100 Subject: [PATCH 1/2] Prepare Spring Boot 3.0 Ready build --- pom.xml | 21 ++++++++++--------- .../ec/dgc/DgcLibAutoConfiguration.java | 3 ++- .../connector/DgcGatewayConnectorUtils.java | 6 +++--- ...gcGatewayCountryListDownloadConnector.java | 2 +- .../DgcGatewayDownloadConnector.java | 2 +- ...cGatewayRevocationListUploadConnector.java | 2 +- ...GatewayTrustedIssuerDownloadConnector.java | 2 +- .../connector/DgcGatewayUploadConnector.java | 2 +- ...cGatewayValidationRuleUploadConnector.java | 2 +- src/main/resources/META-INF/spring.factories | 1 - ...ot.autoconfigure.AutoConfiguration.imports | 1 + 11 files changed, 23 insertions(+), 21 deletions(-) delete mode 100644 src/main/resources/META-INF/spring.factories create mode 100644 src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports diff --git a/pom.xml b/pom.xml index 922759c..ad59140 100644 --- a/pom.xml +++ b/pom.xml @@ -4,9 +4,16 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 + + org.springframework.cloud + spring-cloud-starter-parent + 2022.0.1 + + + eu.europa.ec.dgc dgc-lib - latest + 2.0.0 jar dgc-lib @@ -17,15 +24,13 @@ - 11 - 11 + 17 + 17 UTF-8 UTF-8 7.3.0 - 2.7.5 - 3.1.4 11.10 1.70 1.18.24 @@ -74,7 +79,6 @@ org.springframework.boot spring-boot-starter-web - ${spring.boot.version} true @@ -96,13 +100,11 @@ org.springframework.boot spring-boot-configuration-processor - ${spring.boot.version} true org.springframework.cloud spring-cloud-starter-openfeign - ${spring.cloud.version} org.springframework @@ -162,7 +164,6 @@ org.springframework.boot spring-boot-starter-test test - ${spring.boot.version} com.squareup.okhttp3 @@ -293,7 +294,7 @@ org.springframework.boot spring-boot-configuration-processor - ${spring.boot.version} + ${project.parent.parent.version} 
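Review bot: In the last pom.xml hunk (`@@ -293,7 +294,7 @@`) the version of `spring-boot-configuration-processor` becomes `${project.parent.parent.version}`, which yields the Spring Boot version only while the parent chain above `spring-cloud-starter-parent` keeps its current depth and layout. An upstream change to that chain would silently select a different version, or fail to resolve. The enclosing element is not visible on this page, so this assumes the entry sits somewhere that cannot inherit a managed version. I would keep one explicitly named property in this POM for it, with a comment saying which artifact's version it must track, so the build input can be reviewed in the file itself.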
diff --git a/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java b/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java index 14be84b..605ea32 100644 --- a/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java +++ b/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java @@ -20,11 +20,12 @@ package eu.europa.ec.dgc; +import org.springframework.boot.autoconfigure.AutoConfiguration; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; -@Configuration +@AutoConfiguration @ComponentScan("eu.europa.ec.dgc") @EnableConfigurationProperties public class DgcLibAutoConfiguration { diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayConnectorUtils.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayConnectorUtils.java index 7da1edf..1dcb708 100644 --- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayConnectorUtils.java +++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayConnectorUtils.java @@ -33,6 +33,7 @@ import eu.europa.ec.dgc.signing.SignedStringMessageParser; import eu.europa.ec.dgc.utils.CertificateUtils; import feign.FeignException; +import jakarta.annotation.PostConstruct; import java.io.IOException; import java.io.Serializable; import java.nio.charset.StandardCharsets; @@ -48,7 +49,6 @@ import java.util.Map; import java.util.Objects; import java.util.stream.Collectors; -import javax.annotation.PostConstruct; import lombok.Getter; import lombok.RequiredArgsConstructor; import lombok.Setter; 
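Review bot: In DgcLibAutoConfiguration the class becomes `@AutoConfiguration` but keeps `@ComponentScan("eu.europa.ec.dgc")`, so every component under that package prefix is registered in any application that has this jar on the classpath, including components from other artifacts that share the package root. Spring Boot's guidance for auto-configuration classes is to avoid component scanning and name the beans explicitly, for example with an `@Import({...})` listing the connector and utility classes. The class also sits inside the scanned package, so it can be picked up by scanning as well as through the new `.imports` file. At minimum I would add a class comment stating that the scan is intentional and which packages it is meant to cover.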
@@ -217,7 +217,7 @@ public List fetchCertificatesAndVerifyByTrustAnchor(Certi if (downloadedCertificates.getStatusCode() != HttpStatus.OK || downloadedCertificates.getBody() == null) { log.error("Failed to Download certificates from DGC Gateway, Type: {}, Status Code: {}", - type, downloadedCertificates.getStatusCodeValue()); + type, downloadedCertificates.getStatusCode()); return Collections.emptyList(); } @@ -249,7 +249,7 @@ public List fetchTrustedIssuersAndVerifyByTrustAnchor( if (responseEntity.getStatusCode() != HttpStatus.OK || downloadedTrustedIssuers == null) { throw new DgcGatewayConnectorUtils.DgcGatewayConnectorException( - responseEntity.getStatusCodeValue(), "Download of TrustedIssuers failed."); + responseEntity.getStatusCode().value(), "Download of TrustedIssuers failed."); } else { log.info("Got Response from DGCG, Downloaded TrustedIssuers: {}", downloadedTrustedIssuers.size()); diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayCountryListDownloadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayCountryListDownloadConnector.java index f88a288..b48ea0e 100644 --- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayCountryListDownloadConnector.java +++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayCountryListDownloadConnector.java @@ -23,13 +23,13 @@ import eu.europa.ec.dgc.gateway.connector.client.DgcGatewayConnectorRestClient; import eu.europa.ec.dgc.gateway.connector.config.DgcGatewayConnectorConfigProperties; import feign.FeignException; +import jakarta.annotation.PostConstruct; import java.security.Security; import java.time.LocalDateTime; import java.time.temporal.ChronoUnit; import java.util.ArrayList; import java.util.Collections; import java.util.List; -import javax.annotation.PostConstruct; import lombok.Getter; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; 
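Review bot: The `log.error` call in the `@@ -217,7 +217,7 @@` hunk now passes `downloadedCertificates.getStatusCode()`, an object, while the `@@ -249,7 +249,7 @@` hunk uses `responseEntity.getStatusCode().value()`. The logged field therefore changes from a bare number to the status object's string form, which can break log parsers or alerts keyed on the numeric code. Using `type, downloadedCertificates.getStatusCode().value());` keeps both sites consistent. Both guards still compare `getStatusCode() != HttpStatus.OK` by reference, which appears to rely on the framework returning the enum constant for 200; since this check gates the handling of downloaded trust material, `!HttpStatus.OK.equals(...)` or `.value() != 200` would state the intent without that assumption. Both methods begin and end outside their hunks.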
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java
index 801408e..fcfc6dc 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java
@@ -28,6 +28,7 @@
 import eu.europa.ec.dgc.gateway.connector.model.TrustListItem;
 import eu.europa.ec.dgc.signing.SignedCertificateMessageParser;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.security.Security;
 import java.time.LocalDateTime;
 import java.time.temporal.ChronoUnit;
@@ -37,7 +38,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayRevocationListUploadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayRevocationListUploadConnector.java
index 4520162..75860fa 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayRevocationListUploadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayRevocationListUploadConnector.java
@@ -31,6 +31,7 @@
 import eu.europa.ec.dgc.signing.SignedStringMessageBuilder;
 import eu.europa.ec.dgc.utils.CertificateUtils;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -39,7 +40,6 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayTrustedIssuerDownloadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayTrustedIssuerDownloadConnector.java
index 2263dbb..01a5265 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayTrustedIssuerDownloadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayTrustedIssuerDownloadConnector.java
@@ -23,6 +23,7 @@
 import eu.europa.ec.dgc.gateway.connector.config.DgcGatewayConnectorConfigProperties;
 import eu.europa.ec.dgc.gateway.connector.model.QueryParameter;
 import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer;
+import jakarta.annotation.PostConstruct;
 import java.io.Serializable;
 import java.security.Security;
 import java.time.LocalDateTime;
@@ -31,7 +32,6 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayUploadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayUploadConnector.java
index ed7f075..04883ba 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayUploadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayUploadConnector.java
@@ -28,6 +28,7 @@
 import eu.europa.ec.dgc.signing.SignedCertificateMessageBuilder;
 import eu.europa.ec.dgc.utils.CertificateUtils;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -36,7 +37,6 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleUploadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleUploadConnector.java
index 613afb7..5ba3eae 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleUploadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleUploadConnector.java
@@ -28,6 +28,7 @@
 import eu.europa.ec.dgc.signing.SignedStringMessageBuilder;
 import eu.europa.ec.dgc.utils.CertificateUtils;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -36,7 +37,6 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/resources/META-INF/spring.factories b/src/main/resources/META-INF/spring.factories
deleted file mode 100644
index 2ac5bc2..0000000
--- a/src/main/resources/META-INF/spring.factories
+++ /dev/null
@@ -1 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=eu.europa.ec.dgc.DgcLibAutoConfiguration
diff --git a/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 0000000..bd2794c
--- /dev/null
+++ b/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports @@ -0,0 +1 @@ +eu.europa.ec.dgc.DgcLibAutoConfiguration From 6e520628dcc1a6f4c177e0ba00cf664892a158e9 Mon Sep 17 00:00:00 2001 From: Felix Dittrich Date: Mon, 13 Feb 2023 13:13:11 +0100 Subject: [PATCH 2/2] Remove hardcoded 2.0.0 version (reset to latest) Update 3rd Party Libs Update OWASP Suppression file Update CI Jobs (Update Runner and JDK version) --- .github/workflows/ci-dependency-check.yml | 2 +- .github/workflows/ci-main.yml | 4 +- .github/workflows/ci-pullrequest.yml | 4 +- .github/workflows/ci-release-notes.yml | 2 +- .github/workflows/ci-release.yml | 4 +- .github/workflows/ci-sonar.yml | 4 +- owasp/suppressions.xml | 26 +----------- pom.xml | 51 ++++------------------- 8 files changed, 20 insertions(+), 77 deletions(-) diff --git a/.github/workflows/ci-dependency-check.yml b/.github/workflows/ci-dependency-check.yml index b70c32f..601390c 100644 --- a/.github/workflows/ci-dependency-check.yml +++ b/.github/workflows/ci-dependency-check.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/setup-java@v2 with: - java-version: 11 + java-version: 17 distribution: adopt - uses: actions/checkout@v2 with: diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml index 4c33da8..36a91f9 100644 --- a/.github/workflows/ci-main.yml +++ b/.github/workflows/ci-main.yml @@ -6,11 +6,11 @@ on: - main jobs: build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/setup-java@v2 with: - java-version: 11 + java-version: 17 distribution: adopt - uses: actions/checkout@v2 with: diff --git a/.github/workflows/ci-pullrequest.yml b/.github/workflows/ci-pullrequest.yml index 558aa10..f577089 100644 --- a/.github/workflows/ci-pullrequest.yml +++ b/.github/workflows/ci-pullrequest.yml 
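Review bot: The `java-version: 17` change in ci-dependency-check.yml keeps `distribution: adopt`, the legacy AdoptOpenJDK alias in actions/setup-java. That distribution is no longer updated, so these jobs may build and test on a JDK 17 that lacks current security fixes. I would switch to `distribution: temurin` here and in the same step of ci-main.yml, ci-pullrequest.yml, ci-release.yml and ci-sonar.yml, after confirming that the pinned `setup-java@v2` release accepts that value. The `steps:` list continues outside the hunk.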
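Review bot: `runs-on: ubuntu-latest` in ci-main.yml replaces a fixed runner image with a floating label, so the toolchain that builds the artifact (and presumably publishes it in ci-release.yml) can change without any commit in this repository. Pinning a concrete image such as `runs-on: ubuntu-22.04` keeps the build environment reviewable and makes image upgrades an explicit change. The same line is changed in ci-pullrequest.yml, ci-release-notes.yml, ci-release.yml and ci-sonar.yml. If the floating label is intentional, a short comment in the release workflow saying so would help the next reviewer.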
@@ -7,11 +7,11 @@ on: - reopened jobs: build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/setup-java@v2 with: - java-version: 11 + java-version: 17 distribution: adopt - uses: actions/checkout@v2 with: diff --git a/.github/workflows/ci-release-notes.yml b/.github/workflows/ci-release-notes.yml index b155d77..2fd0c68 100644 --- a/.github/workflows/ci-release-notes.yml +++ b/.github/workflows/ci-release-notes.yml @@ -5,7 +5,7 @@ on: - created jobs: release-notes: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 with: diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 9af8f11..2ced4ac 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -5,11 +5,11 @@ on: - created jobs: release: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/setup-java@v2 with: - java-version: 11 + java-version: 17 distribution: adopt - uses: actions/checkout@v2 with: diff --git a/.github/workflows/ci-sonar.yml b/.github/workflows/ci-sonar.yml index 90171d4..5e7dcc4 100644 --- a/.github/workflows/ci-sonar.yml +++ b/.github/workflows/ci-sonar.yml @@ -10,11 +10,11 @@ on: - reopened jobs: sonar: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/setup-java@v2 with: - java-version: 11 + java-version: 17 distribution: adopt - uses: actions/checkout@v2 with: diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml index 5f48248..3fd8b02 100644 --- a/owasp/suppressions.xml +++ b/owasp/suppressions.xml 
@@ -1,29 +1,7 @@ - see https://github.com/jeremylong/DependencyCheck/issues/1827> - CVE-2018-1258 - - - see https://github.com/jeremylong/DependencyCheck/issues/2952 - CVE-2011-2732 - CVE-2011-2731 - CVE-2012-5055 - - - see https://tomcat.apache.org/security-9.html#Apache_Tomcat_9.x_vulnerabilities vulnerability is fixed in tomcat 9.0.38 - CVE-2020-13943 - - - H2 is not used by this project. - CVE-2021-23463 - - - False Positive, Should match only up to 5.3.2 (excluding) but we have 5.6.3 - CVE-2020-5408 - - - False Positive, Should match only up to 1.32 (excluding) but we have 1.33 - CVE-2022-38752 + no YAML content from users is parsed within this service + CVE-2022-1471 diff --git a/pom.xml b/pom.xml index ad59140..9270a25 100644 --- a/pom.xml +++ b/pom.xml @@ -13,7 +13,7 @@ eu.europa.ec.dgc dgc-lib - 2.0.0 + latest jar dgc-lib @@ -30,18 +30,16 @@ UTF-8 UTF-8 - 7.3.0 - 11.10 - 1.70 + 8.0.2 + 1.72 1.18.24 1.5.3.Final 2.11.0 4.5.2 - 2.13.4 - 2.13.4.2 4.10.0 - 3.2.0 - 3.0.0-M7 + 3.2.1 + 3.9.1.2184 + 3.0.0-M8 0.8.8 @@ -78,24 +76,8 @@ org.springframework.boot - spring-boot-starter-web + spring-boot-starter true - - - org.yaml - snakeyaml - - - com.fasterxml.jackson.core - jackson-databind - - - - - - org.yaml - snakeyaml - 1.33 org.springframework.boot @@ -105,17 +87,10 @@ org.springframework.cloud spring-cloud-starter-openfeign - - - org.springframework - spring-web - - io.github.openfeign feign-httpclient - ${feign.version} org.mapstruct @@ -126,11 +101,10 @@ org.projectlombok lombok provided - ${lombok.version} org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on ${bcpkix.version} @@ -146,20 +120,11 @@ com.fasterxml.jackson.core jackson-databind - ${jackson.databind.version} com.fasterxml.jackson.datatype jackson-datatype-jsr310 - ${jackson.version} - - - com.fasterxml.jackson.core - jackson-databind - - - org.springframework.boot spring-boot-starter-test
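Review bot: The new suppression for CVE-2022-1471 in owasp/suppressions.xml is justified with "no YAML content from users is parsed within this service", but this artifact is a library, so whether untrusted YAML reaches the parser depends on each consuming application, which this file cannot assert. The pom.xml hunks in the same patch also appear to drop the snakeyaml exclusion and the explicit `1.33` pin, so the version in use now comes from the managed dependency set. I would reword the note to name the affected dependency and the condition under which the suppression holds, and give the entry an expiry through dependency-check's `until` attribute so it is re-evaluated. The element attributes are not visible on this page, so the scope of the match could not be checked.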