diff --git a/.github/node-cve-ignore-list.xml b/.github/node-cve-ignore-list.xml index fbf9371b..247ab847 100644 --- a/.github/node-cve-ignore-list.xml +++ b/.github/node-cve-ignore-list.xml @@ -1,3 +1,7 @@ + + Erroneously reporting CVE-2024-6484 and CVE-2024-6531 + bootstrap:bootstrap:5.3.3 + diff --git a/account-service/build.gradle b/account-service/build.gradle index aff90687..30992ab5 100644 --- a/account-service/build.gradle +++ b/account-service/build.gradle @@ -7,8 +7,8 @@ plugins { id 'java' - id 'org.springframework.boot' version '3.3.1' - id 'io.spring.dependency-management' version '1.1.5' + id 'org.springframework.boot' version '3.3.3' + id 'io.spring.dependency-management' version '1.1.6' } group = 'finos.traderx.account-service' @@ -23,7 +23,7 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-data-jpa' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'com.h2database:h2:2.2.224' - implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0' + implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0' testImplementation 'org.springframework.boot:spring-boot-starter-test' } diff --git a/account-service/src/main/resources/application.properties b/account-service/src/main/resources/application.properties index fc3965c2..d282fbe2 100644 --- a/account-service/src/main/resources/application.properties +++ b/account-service/src/main/resources/application.properties @@ -7,6 +7,7 @@ spring.datasource.password=${DATABASE_DBPASS:sa} spring.data.jpa.database-platform=org.hibernate.dialect.H2Dialect spring.data.jpa.show-sql=true spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl +spring.threads.virtual.enabled=true # To avoid "Request header is too large" when application is backed by oidc proxy. server.max-http-request-header-size=1000000 diff --git a/position-service/build.gradle b/position-service/build.gradle index 6887063b..b0f12475 100644 --- a/position-service/build.gradle +++ b/position-service/build.gradle @@ -7,8 +7,8 @@ plugins { id 'java' - id 'org.springframework.boot' version '3.3.1' - id 'io.spring.dependency-management' version '1.1.5' + id 'org.springframework.boot' version '3.3.3' + id 'io.spring.dependency-management' version '1.1.6' } group = 'finos.traderx.position-service' @@ -23,7 +23,7 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-data-jpa' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'com.h2database:h2:2.2.224' - implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0' + implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0' testImplementation 'org.springframework.boot:spring-boot-starter-test' } diff --git a/position-service/src/main/resources/application.properties b/position-service/src/main/resources/application.properties index cb9a53d9..c1ab0aa9 100644 --- a/position-service/src/main/resources/application.properties +++ b/position-service/src/main/resources/application.properties @@ -7,6 +7,7 @@ spring.datasource.password=${DATABASE_DBPASS:sa} spring.data.jpa.database-platform=org.hibernate.dialect.H2Dialect spring.data.jpa.show-sql=true spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl +spring.threads.virtual.enabled=true # To avoid "Request header is too large" when application is backed by oidc proxy. server.max-http-request-header-size=1000000 diff --git a/trade-processor/build.gradle b/trade-processor/build.gradle index 3f8ef935..154555b2 100644 --- a/trade-processor/build.gradle +++ b/trade-processor/build.gradle @@ -7,8 +7,8 @@ plugins { id 'java' - id 'org.springframework.boot' version '3.3.1' - id 'io.spring.dependency-management' version '1.1.5' + id 'org.springframework.boot' version '3.3.3' + id 'io.spring.dependency-management' version '1.1.6' } group = 'finos.traderx.trade-processor' @@ -23,7 +23,7 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-data-jpa' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'com.h2database:h2:2.2.224' - implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0' + implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0' implementation('org.json:json:20240303') { because 'previous versions are affected by multiple CVE' diff --git a/trade-processor/src/main/resources/application.properties b/trade-processor/src/main/resources/application.properties index 6796fd36..15a75653 100644 --- a/trade-processor/src/main/resources/application.properties +++ b/trade-processor/src/main/resources/application.properties @@ -9,6 +9,7 @@ spring.data.jpa.show-sql=true spring.jpa.hibernate.ddl-auto=update spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl +spring.threads.virtual.enabled=true trade.feed.address=${TRADE_FEED_ADDRESS:http://${TRADE_FEED_HOST:localhost}:18086} diff --git a/trade-service/build.gradle b/trade-service/build.gradle index 4a009dd5..ac3b4293 100644 --- a/trade-service/build.gradle +++ b/trade-service/build.gradle @@ -7,8 +7,8 @@ plugins { id 'java' - id 'org.springframework.boot' version '3.3.1' - id 'io.spring.dependency-management' version '1.1.5' + id 'org.springframework.boot' version '3.3.3' + id 'io.spring.dependency-management' version '1.1.6' } group = 'finos.traderx.trade-service' @@ -27,7 +27,7 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-data-jpa' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'com.h2database:h2:2.2.224' - implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0' + implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0' implementation('org.json:json:20240303') { because 'previous versions are affected by multiple CVE' diff --git a/trade-service/src/main/resources/application.properties b/trade-service/src/main/resources/application.properties index e9077b34..39499fb0 100644 --- a/trade-service/src/main/resources/application.properties +++ b/trade-service/src/main/resources/application.properties @@ -1,4 +1,6 @@ server.port=${TRADING_SERVICE_PORT:18092} +spring.threads.virtual.enabled=true + people.service.url=${PEOPLE_SERVICE_URL:http://${PEOPLE_SERVICE_HOST:localhost}:18089} account.service.url=${ACCOUNT_SERVICE_URL:http://${ACCOUNT_SERVICE_HOST:localhost}:18088} reference.data.service.url=${REFERENCE_DATA_SERVICE_URL:http://${REFERENCE_DATA_HOST:localhost}:18085}