Skip to content

Commit

Permalink
Upgrade spring boot and fix trivy issues
Browse files Browse the repository at this point in the history
  • Loading branch information
@samleeflang
samleeflang committed Dec 1, 2023
1 parent be8c364 commit 89b1a11
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 26 deletions.
10 changes: 0 additions & 10 deletions .github/workflows/.trivyignore
View file
Original file line number Diff line number Diff line change
@@ -1,10 +0,0 @@
# Nov 22
# Netty issue. Wait for Spring to fix
CVE-2023-34062

# Nov 22
# OpenSSL Issues - need to upgrade alpine
CVE-2023-5363
CVE-2023-5678
CVE-2023-5363
CVE-2023-5678
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ RUN true
COPY --chown=java:java --from=builder application/application/ ./
USER 1000

ENTRYPOINT ["java", "org.springframework.boot.loader.JarLauncher"]
ENTRYPOINT ["java", "org.springframework.boot.loader.launch.JarLauncher"]
17 changes: 2 additions & 15 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.5</version>
<version>3.2.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>eu.dissco.core</groupId>
Expand All @@ -21,7 +21,7 @@
<jaxb2-maven-plugin.version>3.1.0</jaxb2-maven-plugin.version>
<jakarta.activation-api.version>2.1.2</jakarta.activation-api.version>
<jakarta.xml.bind-api.version>4.0.1</jakarta.xml.bind-api.version>
<snappy-java.version>1.1.10.5</snappy-java.version>
<logback.version>1.4.12</logback.version>
<mockito-inline.version>5.2.0</mockito-inline.version>
<testcontainers.version>1.19.0</testcontainers.version>
<sonar.organization>dissco</sonar.organization>
Expand Down Expand Up @@ -52,12 +52,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
Expand All @@ -80,12 +74,6 @@
<groupId>org.springframework.kafka</groupId>
<artifactId>spring-kafka</artifactId>
</dependency>
<!-- Overwrite kafka client snappy version as it contains high prio security issues (02-10-2023) -->
<dependency>
<groupId>org.xerial.snappy</groupId>
<artifactId>snappy-java</artifactId>
<version>${snappy-java.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
Expand Down Expand Up @@ -165,7 +153,6 @@
<artifactId>flyway-core</artifactId>
<scope>test</scope>
</dependency>

</dependencies>

<build>
Expand Down

0 comments on commit 89b1a11

Please sign in to comment.