Reduce api CVE 4 2 2

.github/workflows/build_test_package.yml

@@ -22,18 +22,18 @@ jobs:
     if: github.event_name != 'pull_request_target'
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '21'
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@v5
         with:
-          gradle-version: '8.12'
+          gradle-version: '8.14'
           cache-disabled: true
 
       - name: Build with Gradle
@@ -376,25 +376,25 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           # Fetch all tags since Gradle project version is built upon SCM
           fetch-depth: 0
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: "temurin"
           java-version: "21"
 
       - name: Retrieve branch or tag name
         id: refvar
-        run: echo "::set-output name=gitRefName::${GITHUB_REF#refs/*/}"
+        run: echo "gitRefName=${GITHUB_REF#refs/*/}" >> "${GITHUB_OUTPUT}"
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@v5
         with:
-          gradle-version: '8.12'
+          gradle-version: '8.14'
           cache-disabled: true
 
       - name: Build local Container Image for scanning
@@ -404,7 +404,7 @@ jobs:
             -Djib.to.image=com.cosmotech/cosmotech-api:${{ github.sha }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         id: scan
         # Add TRIVY_DB_REPOSITORY due to ratelimit issue
         # https://github.com/aquasecurity/trivy-action/issues/389
@@ -423,20 +423,20 @@ jobs:
           output: "trivy-results.sarif"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: "trivy-results.sarif"
 
       - name: Archive container image scan report
         if: ${{ always() }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: container-image-scan-report
           path: "trivy-results.sarif"
           retention-days: 3
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3.3.0
+        uses: docker/login-action@v3.6.0
         if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
         with:
           registry: ghcr.io

build.gradle.kts

@@ -39,7 +39,7 @@ plugins {
   kotlin("plugin.spring") version kotlinVersion apply false
   id("pl.allegro.tech.build.axion-release") version "1.18.18"
   id("com.diffplug.spotless") version "7.0.3"
-  id("org.springframework.boot") version "3.4.9" apply false
+  id("org.springframework.boot") version "3.5.13" apply false
   id("project-report")
   id("org.owasp.dependencycheck") version "12.1.0"
   id("com.github.jk1.dependency-license-report") version "2.9"
@@ -59,7 +59,7 @@ version = scmVersion.version
 // Dependencies version
 val kotlinJvmTarget = 21
 val cosmotechApiCommonVersion = "2.0.4"
-val redisOmSpringVersion = "0.9.10"
+val redisOmSpringVersion = "0.9.11"
 val kotlinCoroutinesVersion = "1.10.2"
 val oktaSpringBootVersion = "3.0.7"
 val springDocVersion = "2.8.12"
@@ -125,11 +125,9 @@ allprojects {
   configurations {
     all {
       resolutionStrategy {
-        force("com.redis.om:redis-om-spring:0.9.10")
-        force("com.google.code.gson:gson:2.13.1")
-        force("io.netty:netty-handler:4.2.4.Final")
-        force("ch.qos.logback:logback-core:1.5.20")
-        force("org.springframework.security:spring-security-core:6.5.5")
+        force("com.redis.om:redis-om-spring:0.9.11")
+        force("redis.clients:jedis:5.2.0")
+        force("com.redis:lettucemod:4.3.0")
       }
     }
   }
@@ -280,17 +278,19 @@ subprojects {
     implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:$kotlinCoroutinesVersion")
 
     implementation(
-        platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)) {
-          constraints { implementation("org.springframework:spring-core:6.2.12") }
-        }
+        platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES))
 
     implementation("org.springframework.boot:spring-boot-starter-actuator")
     implementation("io.micrometer:micrometer-registry-prometheus")
     implementation("org.springframework.boot:spring-boot-starter-web") {
       exclude(group = "org.springframework.boot", module = "spring-boot-starter-tomcat")
     }
     implementation("org.springframework.boot:spring-boot-starter-undertow") {
-      constraints { implementation("io.undertow:undertow-core:2.3.20.Final") }
+      constraints {
+        implementation("io.undertow:undertow-core:2.3.24.Final")
+        implementation("io.undertow:undertow-servlet:2.3.24.Final")
+        implementation("io.undertow:undertow-websockets-jsr:2.3.24.Final")
+      }
     }
     implementation("com.fasterxml.jackson.module:jackson-module-kotlin:$jacksonModuleKotlinVersion")
     // https://mvnrepository.com/artifact/jakarta.validation/jakarta.validation-api
@@ -308,7 +308,9 @@ subprojects {
 
     implementation("org.apache.commons:commons-csv:$commonsCsvVersion")
     implementation("com.redis.om:redis-om-spring:${redisOmSpringVersion}")
-    implementation("org.springframework.data:spring-data-redis")
+    implementation("org.springframework.data:spring-data-redis") {
+      exclude(group = "redis.clients", module = "jedis")
+    }
     implementation("org.springframework:spring-jdbc")
     implementation("org.postgresql:postgresql")