Merge pull request #241 from Cosmo-Tech/DSE/further_upgrades_PROD-14136

Dse/further upgrades prod 14136

Author: sellisd

build.gradle.kts

@@ -7,11 +7,12 @@ import org.gradle.kotlin.dsl.implementation
 plugins {
   val kotlinVersion = "1.9.23"
   kotlin("jvm") version kotlinVersion
-  id("com.diffplug.spotless") version "6.22.0"
-  id("org.springframework.boot") version "3.3.6" apply false
-  id("io.gitlab.arturbosch.detekt") version "1.23.6"
+  id("com.diffplug.spotless") version "6.25.0"
+  id("org.springframework.boot") version "3.4.1" apply false
+  id("io.gitlab.arturbosch.detekt") version "1.23.7"
   id("pl.allegro.tech.build.axion-release") version "1.15.5"
   id("org.jetbrains.kotlinx.kover") version "0.7.6"
+  id("project-report")
   `maven-publish`
   // Apply the java-library plugin for API and implementation separation.
   `java-library`
@@ -84,12 +85,10 @@ configure<SpotlessExtension> {
     licenseHeader(licenseHeaderComment)
   }
   kotlin {
-    ktfmt("0.41")
     target("**/*.kt")
     licenseHeader(licenseHeaderComment)
   }
   kotlinGradle {
-    ktfmt("0.41")
     target("**/*.kts")
     //      licenseHeader(licenseHeaderComment, "import")
   }
@@ -150,33 +149,41 @@ tasks.test { useJUnitPlatform() }
 
 // Required versions
 val jacksonVersion = "2.15.3"
-val springWebVersion = "6.1.16"
-val springBootVersion = "3.3.6"
+val springWebVersion = "6.2.1"
+val springBootVersion = "3.4.1"
 
 // Implementation
-val swaggerParserVersion = "2.1.22"
+val swaggerParserVersion = "2.1.24"
 val hashidsVersion = "1.0.3"
 val springOauthAutoConfigureVersion = "2.6.8"
 val springSecurityJwtVersion = "1.1.1.RELEASE"
 val springDocVersion = "2.5.0"
-val springOauthVersion = "6.2.2"
+val springOauthVersion = "6.4.2"
 val servletApiVersion = "6.0.0"
-val oktaSpringBootVersion = "3.0.5"
+val oktaSpringBootVersion = "3.0.7"
 val tikaVersion = "2.9.1"
 val redisOMVersion = "0.9.1"
 val kotlinCoroutinesCoreVersion = "1.8.1"
 
 // Checks
-val detektVersion = "1.23.6"
+val detektVersion = "1.23.7"
 
 // Tests
 val jUnitBomVersion = "5.10.0"
-val mockkVersion = "1.13.8"
-val awaitilityKVersion = "4.2.0"
+val mockkVersion = "1.13.13"
+val awaitilityKVersion = "4.2.2"
 val testcontainersRedis = "1.6.4"
 
 dependencies {
-  implementation(platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES))
+  implementation(platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)) {
+    constraints {
+      implementation("io.lettuce:lettuce-core:6.5.1.RELEASE") {
+        because("spring boot 3.4.1 depends on  lettuce-core 6.4.1.RELEASE which has vulnerability" +
+                " https://github.com/advisories/GHSA-q4h9-7rxj-7gx which was fixed in 6.5.1.RELEASE")
+      }
+    }
+  } 
+
 
   detekt("io.gitlab.arturbosch.detekt:detekt-cli:$detektVersion")
   detekt("io.gitlab.arturbosch.detekt:detekt-formatting:$detektVersion")

gradle/wrapper/gradle-wrapper.jar

@@ -1,5 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradle/wrapper/gradle-wrapper.properties

@@ -55,7 +55,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,13 +80,11 @@ do
     esac
 done
 
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -133,22 +131,29 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -193,18 +198,28 @@ if "$cygwin" || "$msys" ; then
     done
 fi
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
         -classpath "$CLASSPATH" \
         org.gradle.wrapper.GradleWrapperMain \
         "$@"
 
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
 # Use "xargs" to parse quoted args.
 #
 # With -n1 it outputs one arg per line, with the quotes and backslashes removed.

gradlew

@@ -14,7 +14,7 @@
 @rem limitations under the License.
 @rem
 
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
 @rem
 @rem  Gradle startup script for Windows
@@ -25,7 +25,8 @@
 if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
@@ -40,13 +41,13 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
+if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -56,11 +57,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 :end
 @rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
 
 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
 
 :mainEnd
 if "%OS%"=="Windows_NT" endlocal

gradlew.bat

@@ -45,6 +45,7 @@ open class CsmApiConfiguration {
 @Order(Ordered.HIGHEST_PRECEDENCE)
 open class CsmPlatformEnvironmentPostProcessor : EnvironmentPostProcessor {
   private val log = DeferredLog()
+
   override fun postProcessEnvironment(
       environment: ConfigurableEnvironment,
       application: SpringApplication

src/main/kotlin/com/cosmotech/api/config/CsmApiConfiguration.kt

@@ -114,6 +114,7 @@ data class CsmPlatformProperties(
     ) {
       data class CsmStorageUser(val username: String, val password: String)
     }
+
     data class CsmEventBus(
         /** Define if current API use event bus within internal result data service or not */
         val enabled: Boolean = true,
@@ -236,6 +237,7 @@ data class CsmPlatformProperties(
       /** Base Loki url */
       val baseUrl: String = "http://loki.default.svc.cluster.local:3100",
   )
+
   data class Argo(
       /** Argo service base Uri */
       val baseUri: String,

src/main/kotlin/com/cosmotech/api/config/CsmPlatformProperties.kt

@@ -244,8 +244,7 @@ open class CsmRbac(
   internal fun getUserRole(rbacSecurity: RbacSecurity, user: String): String {
     return rbacSecurity.accessControlList
         .firstOrNull { it.id.lowercase() == user.lowercase() }
-        ?.role
-        ?: rbacSecurity.default
+        ?.role ?: rbacSecurity.default
   }
 
   internal fun getAdminCount(rbacSecurity: RbacSecurity, rolesDefinition: RolesDefinition): Int {

src/main/kotlin/com/cosmotech/api/rbac/CsmRbac.kt

@@ -112,6 +112,7 @@ class ApiKeyAuthentication(
   init {
     this.isAuthenticated = true
   }
+
   override fun getCredentials(): Any? {
     return null
   }

src/main/kotlin/com/cosmotech/api/security/filters/ApiKeyAuthenticationFilter.kt

@@ -146,6 +146,7 @@ class KeycloakJwtGrantedAuthoritiesConverter(
 ) : Converter<Jwt, Collection<GrantedAuthority>> {
 
   private val logger = LoggerFactory.getLogger(KeycloakJwtGrantedAuthoritiesConverter::class.java)
+
   override fun convert(jwt: Jwt): Collection<GrantedAuthority> {
     val extractAuthorities = mutableListOf<GrantedAuthority>()
     extractAuthorities.addAll(