From db548a0ce4683cfef342768a5cd85343f1252bb3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 29 Jul 2025 02:23:55 +0000
Subject: [PATCH] fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-8731360
---
 pom.xml | 86 ++++++++++++++++++++++++++++-----------------------------
 1 file changed, 43 insertions(+), 43 deletions(-)

diff --git a/pom.xml b/pom.xml
index 5eea78370a..c9ad1e2ecc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@
     <jersey.version>2.14</jersey.version>
     <SqlRender.version>1.9.0</SqlRender.version>
     <hive-jdbc.version>3.1.2</hive-jdbc.version>
-    <pac4j.version>4.0.0</pac4j.version>
+    <pac4j.version>5.4.1</pac4j.version>
     <jackson.version>2.10.5</jackson.version>
     <jackson.databind.version>2.10.5.1</jackson.databind.version>
     <start-class>org.ohdsi.webapi.WebApi</start-class>
@@ -68,7 +68,7 @@
     <!-- Person properties -->
     <person.viewDates>false</person.viewDates>
     <!-- Full Text Search With SOLR Settings -->
-    <solr.endpoint></solr.endpoint>
+    <solr.endpoint/>
     <solr.query.prefix>{!complexphrase inOrder=true}</solr.query.prefix>
     <solr.version>8.6.3</solr.version>
     <!-- Heracles properties -->
@@ -77,7 +77,7 @@
     <!-- Kerberos properties -->
     <kerberos.timeout>60</kerberos.timeout>
     <kerberos.configPath>/etc/krb5.conf</kerberos.configPath>
-    <kerberos.kinitPath></kerberos.kinitPath>
+    <kerberos.kinitPath/>
 
     <spring.batch.repository.tableprefix>${datasource.ohdsi.schema}.BATCH_</spring.batch.repository.tableprefix>
     <spring.batch.repository.isolationLevelForCreate>ISOLATION_READ_COMMITTED</spring.batch.repository.isolationLevelForCreate>
@@ -91,24 +91,24 @@
     <security.oauth.callback.api>http://localhost:8080/WebAPI/user/oauth/callback</security.oauth.callback.api>
     <!-- Available options for callback urlResolver are: query and path -->
     <security.oauth.callback.urlResolver>query</security.oauth.callback.urlResolver>
-    <security.oauth.google.apiKey></security.oauth.google.apiKey>
-    <security.oauth.google.apiSecret></security.oauth.google.apiSecret>
-    <security.oauth.facebook.apiKey></security.oauth.facebook.apiKey>
-    <security.oauth.facebook.apiSecret></security.oauth.facebook.apiSecret>
-    <security.oauth.github.apiKey></security.oauth.github.apiKey>
-    <security.oauth.github.apiSecret></security.oauth.github.apiSecret>
-    <security.oid.clientId></security.oid.clientId>
-    <security.oid.apiSecret></security.oid.apiSecret>
-    <security.oid.url></security.oid.url>
-    <security.oid.logoutUrl></security.oid.logoutUrl>
+    <security.oauth.google.apiKey/>
+    <security.oauth.google.apiSecret/>
+    <security.oauth.facebook.apiKey/>
+    <security.oauth.facebook.apiSecret/>
+    <security.oauth.github.apiKey/>
+    <security.oauth.github.apiSecret/>
+    <security.oid.clientId/>
+    <security.oid.apiSecret/>
+    <security.oid.url/>
+    <security.oid.logoutUrl/>
     <security.oid.redirectUrl>http://localhost/index.html#/welcome/</security.oid.redirectUrl>
-    <security.kerberos.spn></security.kerberos.spn>
-    <security.kerberos.keytabPath></security.kerberos.keytabPath>
+    <security.kerberos.spn/>
+    <security.kerberos.keytabPath/>
     <security.ldap.dn>cn={0},dc=example,dc=org</security.ldap.dn>
     <security.ldap.url>ldap://localhost:389</security.ldap.url>
-    <security.ldap.baseDn></security.ldap.baseDn>
-    <security.ldap.system.username></security.ldap.system.username>
-    <security.ldap.system.password></security.ldap.system.password>
+    <security.ldap.baseDn/>
+    <security.ldap.system.username/>
+    <security.ldap.system.password/>
     <security.ldap.searchString>(&amp;(objectClass=person)(CN={0}))</security.ldap.searchString>
     <security.ldap.userMapping.displaynameAttr>displayName</security.ldap.userMapping.displaynameAttr>
     <security.ldap.userMapping.firstnameAttr>givenName</security.ldap.userMapping.firstnameAttr>
@@ -116,11 +116,11 @@
     <security.ldap.userMapping.lastnameAttr>sn</security.ldap.userMapping.lastnameAttr>
     <security.ldap.userMapping.usernameAttr>cn</security.ldap.userMapping.usernameAttr>
     <security.ldap.searchBase>CN=Users,DC=example,DC=org</security.ldap.searchBase>
-    <security.ad.url></security.ad.url>
+    <security.ad.url/>
     <security.ad.searchBase>CN=Users,DC=example,DC=org</security.ad.searchBase>
     <security.ad.principalSuffix>@example.org</security.ad.principalSuffix>
-    <security.ad.system.username></security.ad.system.username>
-    <security.ad.system.password></security.ad.system.password>
+    <security.ad.system.username/>
+    <security.ad.system.password/>
     <security.ad.searchFilter>(&amp;(objectClass=person)(cn=%s))</security.ad.searchFilter>
     <security.ad.ignore.partial.result.exception>true</security.ad.ignore.partial.result.exception>
     <security.ad.result.count.limit>30000</security.ad.result.count.limit> <!-- 0 means no limit -->
@@ -132,10 +132,10 @@
     <security.ad.userMapping.lastnameAttr>sn</security.ad.userMapping.lastnameAttr>
     <security.ad.userMapping.usernameAttr>cn</security.ad.userMapping.usernameAttr>
 
-    <security.cas.loginUrl></security.cas.loginUrl>
-    <security.cas.callbackUrl></security.cas.callbackUrl>
-    <security.cas.serverUrl></security.cas.serverUrl>
-    <security.cas.cassvcs></security.cas.cassvcs>
+    <security.cas.loginUrl/>
+    <security.cas.callbackUrl/>
+    <security.cas.serverUrl/>
+    <security.cas.cassvcs/>
     <security.cas.casticket>casticket</security.cas.casticket>
 
     <security.db.datasource.schema>${datasource.ohdsi.schema}</security.db.datasource.schema>
@@ -147,8 +147,8 @@
     <security.db.datasource.authenticationQuery>select password from ${security.db.datasource.schema}.users where lower(email) = lower(?)</security.db.datasource.authenticationQuery>
     <use.single.connect.datasource.for.testing>true</use.single.connect.datasource.for.testing>
 
-    <security.googleIap.cloudProjectId></security.googleIap.cloudProjectId>
-    <security.googleIap.backendServiceId></security.googleIap.backendServiceId>
+    <security.googleIap.cloudProjectId/>
+    <security.googleIap.backendServiceId/>
     <security.google.accessToken.enabled>false</security.google.accessToken.enabled>
 
     <security.cors.enabled>true</security.cors.enabled>
@@ -157,15 +157,15 @@
     <security.duration.increment>10</security.duration.increment>
 
     <security.saml.enabled>false</security.saml.enabled>
-    <security.saml.entityId></security.saml.entityId>
-    <security.saml.idpMetadataLocation></security.saml.idpMetadataLocation>
-    <security.saml.keyManager.keyStoreFile></security.saml.keyManager.keyStoreFile>
-    <security.saml.keyManager.storePassword></security.saml.keyManager.storePassword>
-    <security.saml.keyManager.defaultKey></security.saml.keyManager.defaultKey>
-    <security.saml.keyManager.passwords.arachnenetwork></security.saml.keyManager.passwords.arachnenetwork>
-    <security.saml.metadataLocation></security.saml.metadataLocation>
-    <security.saml.callbackUrl></security.saml.callbackUrl>
-    <security.saml.sloUrl></security.saml.sloUrl>
+    <security.saml.entityId/>
+    <security.saml.idpMetadataLocation/>
+    <security.saml.keyManager.keyStoreFile/>
+    <security.saml.keyManager.storePassword/>
+    <security.saml.keyManager.defaultKey/>
+    <security.saml.keyManager.passwords.arachnenetwork/>
+    <security.saml.metadataLocation/>
+    <security.saml.callbackUrl/>
+    <security.saml.sloUrl/>
     <security.saml.maximumAuthenticationLifetime>60</security.saml.maximumAuthenticationLifetime>
 
     <security.auth.windows.enabled>true</security.auth.windows.enabled>
@@ -189,9 +189,9 @@
 
     <!-- EMBEDDED SERVER CONFIGURATION (ServerProperties) -->
     <server.port>8080</server.port>
-    <server.ssl.key-store></server.ssl.key-store>
-    <server.ssl.key-store-password></server.ssl.key-store-password>
-    <server.ssl.key-password></server.ssl.key-password>
+    <server.ssl.key-store/>
+    <server.ssl.key-store-password/>
+    <server.ssl.key-password/>
     <server.servlet.context-path>/WebAPI</server.servlet.context-path>
 
     <arachne.version>1.17.2</arachne.version>
@@ -201,14 +201,14 @@
     <execution.status.period>10000</execution.status.period>
     <executionengine.url>https://localhost:8888/api/v1/analyze</executionengine.url>
     <executionengine.token>Basic YWRtaW5Ab2R5c3NldXNpbmMuY29tOnBhc3N3b3Jk</executionengine.token>
-    <executionengine.resultExclusions></executionengine.resultExclusions>
+    <executionengine.resultExclusions/>
     <executionengine.updateStatusCallback>http://localhost:8080/WebAPI/executionservice/callbacks/submission/{id}/status/update/{password}</executionengine.updateStatusCallback>
     <executionengine.resultCallback>http://localhost:8080/WebAPI/executionservice/callbacks/submission/{id}/result/{password}</executionengine.resultCallback>
     <analysis.result.zipVolumeSizeMb>100</analysis.result.zipVolumeSizeMb>
 
     <!-- PASSWORD ENCRYPTION -->
     <jasypt.encryptor.enabled>false</jasypt.encryptor.enabled>
-    <jasypt.encryptor.password></jasypt.encryptor.password>
+    <jasypt.encryptor.password/>
     <jasypt.encryptor.algorithm>PBEWithMD5AndDES</jasypt.encryptor.algorithm>
                 
     <!-- ORGANIZATION SETTINGS -->
@@ -233,8 +233,8 @@
     <spring.batch.taskExecutor.corePoolSize>10</spring.batch.taskExecutor.corePoolSize>
     <spring.batch.taskExecutor.maxPoolSize>20</spring.batch.taskExecutor.maxPoolSize>
     <spring.batch.taskExecutor.queueCapacity>2147483647</spring.batch.taskExecutor.queueCapacity>
-    <spring.batch.taskExecutor.threadGroupName></spring.batch.taskExecutor.threadGroupName>
-    <spring.batch.taskExecutor.threadNamePrefix></spring.batch.taskExecutor.threadNamePrefix>
+    <spring.batch.taskExecutor.threadGroupName/>
+    <spring.batch.taskExecutor.threadNamePrefix/>
 
     <!-- Sensitive Info settings -->
     <sensitiveinfo.admin.role>admin</sensitiveinfo.admin.role>