From 72fb44abf756528f294d72826980e51eb96586dc Mon Sep 17 00:00:00 2001
From: Sander van der Heijden
Date: Thu, 3 Oct 2024 12:56:03 +0200
Subject: [PATCH 1/4] FDP-2665 ~ Updates dependencies
Signed-off-by: Sander van der Heijden
---
 build.gradle.kts | 10 +++++-----
 settings.gradle.kts | 8 ++++----
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index b779d68..84865ae 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -4,10 +4,10 @@ import org.jetbrains.kotlin.gradle.dsl.KotlinJvmProjectExtension
 import java.net.URI
 plugins {
- id("io.spring.dependency-management") version "1.1.5" apply false
- kotlin("jvm") version "2.0.0" apply false
- kotlin("plugin.spring") version "2.0.0" apply false
- id("org.sonarqube") version "5.0.0.4638"
+ id("io.spring.dependency-management") version "1.1.6" apply false
+ kotlin("jvm") version "2.0.20" apply false
+ kotlin("plugin.spring") version "2.0.20" apply false
+ id("org.sonarqube") version "5.1.0.4882"
 }
 sonar {
@@ -41,7 +41,7 @@ subprojects {
 extensions.configure {
 imports {
- mavenBom("org.springframework.boot:spring-boot-dependencies:3.3.1")
+ mavenBom("org.springframework.boot:spring-boot-dependencies:3.3.4")
 }
 }
diff --git a/settings.gradle.kts b/settings.gradle.kts
index 48245e0..d724383 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -4,7 +4,7 @@ plugins {
- id("org.gradle.toolchains.foojay-resolver-convention") version "0.7.0"
+ id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }
 rootProject.name = "gxf-java-utilities"
@@ -17,15 +17,15 @@ include("kafka-message-signing")
 dependencyResolutionManagement {
 versionCatalogs {
 create("libs") {
- version("avro", "1.11.3")
- version("msal4j", "1.16.1")
+ version("avro", "1.12.0")
+ version("msal4j", "1.17.2")
 library("avro", "org.apache.avro", "avro").versionRef("avro")
 library("msal", "com.microsoft.azure", "msal4j").versionRef("msal4j")
 }
 create("testLibs") {
- version("mockitoKotlin", "5.1.0")
+ version("mockitoKotlin", "5.4.0")
 version("mockServer", "5.15.0")
 library("mockitoKotlin", "org.mockito.kotlin", "mockito-kotlin").versionRef("mockitoKotlin")
From 9027e723bea9f3413efddcd9ccb2e3b00e3d7c23 Mon Sep 17 00:00:00 2001
From: Sander van der Heijden
Date: Thu, 3 Oct 2024 14:38:11 +0200
Subject: [PATCH 2/4] FDP-2665 ~ Adds task for viewing all dependencies
Signed-off-by: Sander van der Heijden
---
 build.gradle.kts | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/build.gradle.kts b/build.gradle.kts
index 84865ae..cac74e0 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -59,6 +59,8 @@ subprojects {
 }
 }
+ tasks.register("dependenciesAll"){ group = "help" }
+
 tasks.withType {
 useJUnitPlatform()
 }
From 2174b8499d8b836896af96c12e7aefa064dab7ee Mon Sep 17 00:00:00 2001
From: Sander van der Heijden
Date: Thu, 3 Oct 2024 14:57:51 +0200
Subject: [PATCH 3/4] FDP-2665 ~ Adds description to task
Signed-off-by: Sander van der Heijden
---
 build.gradle.kts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/build.gradle.kts b/build.gradle.kts
index 7fc49aa..86b9bf9 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -95,7 +95,10 @@ subprojects {
 }
 }
- tasks.register("dependenciesAll"){ group = "help" }
+ tasks.register("dependenciesAll"){
+ description = "Displays all dependencies declared in all sub projects"
+ group = "help"
+ }
 tasks.withType {
 useJUnitPlatform()
From e9d21167c771a05b8469720c2431747d4f45eb54 Mon Sep 17 00:00:00 2001
From: Sander van der Heijden
Date: Thu, 3 Oct 2024 18:07:13 +0200
Subject: [PATCH 4/4] FDP-2665 ~ Fixes CVEs by adding exclusions
Signed-off-by: Sander van der Heijden
---
 oauth-token-client/build.gradle.kts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/oauth-token-client/build.gradle.kts b/oauth-token-client/build.gradle.kts
index 145d1e7..e1334ef 100644
--- a/oauth-token-client/build.gradle.kts
+++ b/oauth-token-client/build.gradle.kts
@@ -19,7 +19,12 @@ testing {
 dependencies {
 implementation(project())
 implementation("org.springframework.boot:spring-boot-starter-test")
- implementation(testLibs.mockServer)
+ implementation(testLibs.mockServer) {
+ // CVE fixes
+ exclude(group = "org.bouncycastle", module = "bcpkix-jdk18on")
+ exclude(group = "org.bouncycastle", module = "bcprov-jdk18on")
+ exclude(group = "org.bouncycastle", module = "bcutil-jdk18on")
+ }
 }
 }
 }
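Review bot: The `// CVE fixes` comment on the new `implementation(testLibs.mockServer) { … }` block does not say which advisories the three `org.bouncycastle` exclusions answer or when they can be dropped, so a later maintainer cannot tell whether they are still needed. I would record the advisory ids and the removal condition in the comment, e.g. `// Excludes BouncyCastle pulled in by mock-server because of <CVE-ID placeholder>; remove once mock-server depends on a fixed version`. Excluding the modules also removes the classes rather than upgrading them: if mock-server needs BouncyCastle at runtime (it appears to use it for its TLS certificate handling, which is worth confirming), the tests may fail with missing-class errors or pick up whatever copy another dependency provides, so pinning a patched BouncyCastle version through a dependency constraint may be the more robust fix. The enclosing `testing { … }` block starts outside the hunk.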