diff --git a/build.gradle b/build.gradle index 20d16ce..7dc2fba 100644 --- a/build.gradle +++ b/build.gradle @@ -3,14 +3,14 @@ import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask plugins { id 'org.springframework.boot' version "${springBootVersion}" id 'java' - id "org.cyclonedx.bom" version "1.7.4" - id "org.owasp.dependencycheck" version "8.4.0" - id "com.github.ben-manes.versions" version "0.49.0" + id "org.cyclonedx.bom" version "1.10.0" + id "org.owasp.dependencycheck" version "11.1.0" + id "com.github.ben-manes.versions" version "0.51.0" } apply plugin: 'io.spring.dependency-management' group 'de.novatec' -version '2.2' +version '2.3' java { sourceCompatibility = '17' @@ -28,31 +28,23 @@ test { // current version due to existing CVEs. // According to https://github.com/spring-projects/spring-boot/issues/34405 // this is a safe -ext['snakeyaml.version'] = '2.0' +ext['snakeyaml.version'] = '2.3' dependencies { - annotationProcessor( - "org.projectlombok:lombok" - ) - - compileOnly( - "org.projectlombok:lombok" - ) + annotationProcessor("org.projectlombok:lombok:${lombokVersion}") + compileOnly("org.projectlombok:lombok:${lombokVersion}") implementation( "org.springframework.boot:spring-boot-starter-web", "org.springframework.boot:spring-boot-starter-actuator", "org.hibernate.validator:hibernate-validator", - "org.apache.commons:commons-math3:3.6.1", - "org.apache.commons:commons-text:1.10.0", + "org.apache.commons:commons-math3:${commonsMath3Version}", + "org.apache.commons:commons-text:${commonsTextVersion}", - // If indluxdb-java is updated, check new version of the transitive dependency okio-jvm - // If there is a higher new version, remove the dependency override of okio-jvm "org.influxdb:influxdb-java:${influxdbJavaVersion}", - // Override transitive dependency with newer version, due to security concerns - "com.squareup.okio:okio-jvm:${okioJvmVersion}" ) testImplementation( + "org.springframework.boot:spring-boot-starter-test", "org.junit.jupiter:junit-jupiter", "org.assertj:assertj-core" ) @@ -66,6 +58,10 @@ dependencyCheck { enabled = true } } + nvd { + apiKey = System.getenv("NVD_API_TOKEN") + delay = 10000 + } } def isNonStable = { String candidate -> diff --git a/gradle.properties b/gradle.properties index 46670f4..2e6ae5d 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,7 +1,9 @@ # Spring Boot -springBootVersion=3.1.4 +springBootVersion=3.3.5 -# If indluxdb-java is updated, check new version of the transitive dependency okio-jvm -# If there is a higher new version, remove the dependency override of okio-jvm -influxdbJavaVersion=2.23 -okioJvmVersion=3.5.0 +influxdbJavaVersion=2.24 + +commonsMath3Version=3.6.1 +commonsTextVersion=1.12.0 + +lombokVersion=1.18.36 diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 744c64d..21d5e09 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip networkTimeout=10000 zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/src/test/java/de/novatec/baselining/ApplicationTest.java b/src/test/java/de/novatec/baselining/ApplicationTest.java new file mode 100644 index 0000000..9cc5a6b --- /dev/null +++ b/src/test/java/de/novatec/baselining/ApplicationTest.java @@ -0,0 +1,13 @@ +package de.novatec.baselining; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +public class ApplicationTest { + + @Test + void contextLoads() { + System.out.println("Spring context loads"); + } +}