diff --git a/.github/workflows/build_test_package.yml b/.github/workflows/build_test_package.yml
index ae39dcb19..666c6fc58 100644
--- a/.github/workflows/build_test_package.yml
+++ b/.github/workflows/build_test_package.yml
@@ -22,18 +22,18 @@ jobs:
 if: github.event_name != 'pull_request_target'
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
 with:
 distribution: 'temurin'
 java-version: '21'
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@v5
 with:
- gradle-version: '8.12'
+ gradle-version: '8.14'
 cache-disabled: true
 - name: Build with Gradle
@@ -376,25 +376,25 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 with:
 # Fetch all tags since Gradle project version is built upon SCM
 fetch-depth: 0
 - name: Set up JDK
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
 with:
 distribution: "temurin"
 java-version: "21"
 - name: Retrieve branch or tag name
 id: refvar
- run: echo "::set-output name=gitRefName::${GITHUB_REF#refs/*/}"
+ run: echo "gitRefName=${GITHUB_REF#refs/*/}" >> "${GITHUB_OUTPUT}"
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@v5
 with:
- gradle-version: '8.12'
+ gradle-version: '8.14'
 cache-disabled: true
 - name: Build local Container Image for scanning
@@ -404,7 +404,7 @@ jobs:
 -Djib.to.image=com.cosmotech/cosmotech-api:${{ github.sha }}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@0.35.0
 id: scan
 # Add TRIVY_DB_REPOSITORY due to ratelimit issue
 # https://github.com/aquasecurity/trivy-action/issues/389
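Review bot: Every `uses:` line in this job still references a mutable tag (`actions/checkout@v6`, `gradle/actions/setup-gradle@v5`, and in the following hunks `aquasecurity/trivy-action@0.35.0`, `github/codeql-action/upload-sarif@v4`, `docker/login-action@v3.6.0`), while the context line `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` suggests the token is exported to all steps of the job. A tag can be moved to different code after this review, so what runs with that token and the later ghcr.io login is not fixed by this commit. Since the versions are being touched anyway, consider pinning each action to the full commit SHA of the release and keeping the tag as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.35.0`, with Dependabot or Renovate proposing later bumps. The job definition starts outside the hunk, so its `permissions:` block could not be checked here.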
@@ -423,20 +423,20 @@ jobs:
 output: "trivy-results.sarif"
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: "trivy-results.sarif"
 - name: Archive container image scan report
 if: ${{ always() }}
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v6
 with:
 name: container-image-scan-report
 path: "trivy-results.sarif"
 retention-days: 3
 - name: Login to GitHub Container Registry
- uses: docker/login-action@v3.3.0
+ uses: docker/login-action@v3.6.0
 if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
 with:
 registry: ghcr.io
diff --git a/build.gradle.kts b/build.gradle.kts
index 53844e2cc..bcfdc30ca 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -39,7 +39,7 @@ plugins {
 kotlin("plugin.spring") version kotlinVersion apply false
 id("pl.allegro.tech.build.axion-release") version "1.18.18"
 id("com.diffplug.spotless") version "7.0.3"
- id("org.springframework.boot") version "3.4.9" apply false
+ id("org.springframework.boot") version "3.5.13" apply false
 id("project-report")
 id("org.owasp.dependencycheck") version "12.1.0"
 id("com.github.jk1.dependency-license-report") version "2.9"
@@ -59,7 +59,7 @@ version = scmVersion.version
 // Dependencies version
 val kotlinJvmTarget = 21
 val cosmotechApiCommonVersion = "2.0.4"
-val redisOmSpringVersion = "0.9.10"
+val redisOmSpringVersion = "0.9.11"
 val kotlinCoroutinesVersion = "1.10.2"
 val oktaSpringBootVersion = "3.0.7"
 val springDocVersion = "2.8.12"
@@ -125,11 +125,9 @@ allprojects {
 configurations {
 all {
 resolutionStrategy {
- force("com.redis.om:redis-om-spring:0.9.10")
- force("com.google.code.gson:gson:2.13.1")
- force("io.netty:netty-handler:4.2.4.Final")
- force("ch.qos.logback:logback-core:1.5.20")
- force("org.springframework.security:spring-security-core:6.5.5")
+ force("com.redis.om:redis-om-spring:0.9.11")
+ force("redis.clients:jedis:5.2.0")
+ force("com.redis:lettucemod:4.3.0")
 }
 }
 }
@@ -280,9 +278,7 @@ subprojects {
 implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:$kotlinCoroutinesVersion")
 implementation(
- platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)) {
- constraints { implementation("org.springframework:spring-core:6.2.12") }
- }
+ platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES))
 implementation("org.springframework.boot:spring-boot-starter-actuator")
 implementation("io.micrometer:micrometer-registry-prometheus")
@@ -290,7 +286,11 @@ subprojects {
 exclude(group = "org.springframework.boot", module = "spring-boot-starter-tomcat")
 }
 implementation("org.springframework.boot:spring-boot-starter-undertow") {
- constraints { implementation("io.undertow:undertow-core:2.3.20.Final") }
+ constraints {
+ implementation("io.undertow:undertow-core:2.3.24.Final")
+ implementation("io.undertow:undertow-servlet:2.3.24.Final")
+ implementation("io.undertow:undertow-websockets-jsr:2.3.24.Final")
+ }
 }
 implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jacksonModuleKotlinVersion")
 // https://mvnrepository.com/artifact/jakarta.validation/jakarta.validation-api
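Review bot: The four `force(...)` pins removed from `resolutionStrategy` (gson, netty-handler, logback-core, spring-security-core) look like security floor versions, and nothing in the hunk shows what those modules resolve to once the Spring Boot 3.5.13 BOM takes over. Before merging, confirm with `dependencyInsight`, or with the `org.owasp.dependencycheck` report the build already applies, that none of them now resolves below the removed pin. The new `force("redis.clients:jedis:5.2.0")` and `force("com.redis:lettucemod:4.3.0")` carry no explanation, and a `force` also holds back later upgrades, so a comment such as `// forced for redis-om-spring 0.9.11 compatibility; drop once upstream aligns` (wording for the author to confirm) would tell the next maintainer when it can go. The first line could reuse the existing val, `force("com.redis.om:redis-om-spring:$redisOmSpringVersion")`, so the forced version and the declared one cannot drift apart.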
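Review bot: The literal `2.3.24.Final` is now repeated three times inside the new `constraints { }` block, while the other versions in this file live in the vals under `// Dependencies version`. Hoisting it, `val undertowVersion = "2.3.24.Final"` with `implementation("io.undertow:undertow-core:$undertowVersion")` and likewise for the other two, keeps the three Undertow modules on one version at the next bump. A one-line comment naming the advisory or reason for overriding the BOM-managed Undertow version would also make it clear when the constraints can be dropped. The enclosing `subprojects` dependencies block starts and ends outside the hunk.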
@@ -308,7 +308,9 @@ subprojects {
 implementation("org.apache.commons:commons-csv:$commonsCsvVersion")
 implementation("com.redis.om:redis-om-spring:${redisOmSpringVersion}")
- implementation("org.springframework.data:spring-data-redis")
+ implementation("org.springframework.data:spring-data-redis") {
+ exclude(group = "redis.clients", module = "jedis")
+ }
 implementation("org.springframework:spring-jdbc")
 implementation("org.postgresql:postgresql")
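Review bot: The new `exclude(group = "redis.clients", module = "jedis")` has no comment, and it sits oddly next to `force("redis.clients:jedis:5.2.0")` added earlier in this commit: one line removes Jedis from this dependency's transitive graph, the other pins it for every configuration. If the intent is that Jedis arrives only through redis-om-spring at the forced version, say so above the exclude, e.g. `// Jedis comes via redis-om-spring (forced to 5.2.0 in allprojects); keep spring-data-redis from adding its own`. It is also worth checking with `dependencyInsight` that the exclude changes the resolved graph at all, since spring-data-redis may declare Jedis as optional. The dependencies block continues outside the hunk.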