Upgrade vulnerable dependencies (ignoring transitive vulnerabilities), and make code changes to fix build breaks from upgrade

Signed-off-by: Emilie <emilie.robichaud@bny.com>

Author: emilie-robichaud

spring-boot-with-admin/admin/pom.xml

@@ -35,16 +35,16 @@
         <maven.compiler.source>11</maven.compiler.source>
         <maven.compiler.target>11</maven.compiler.target>
 
-        <spring-boot-admin.version>2.6.7</spring-boot-admin.version>
-        <spring-cloud.version>3.1.2</spring-cloud.version>
+        <spring-boot-admin.version>3.4.5</spring-boot-admin.version>
+        <spring-cloud.version>4.2.1</spring-cloud.version>
     </properties>
 
     <dependencyManagement>
         <dependencies>
             <dependency>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-starter-parent</artifactId>
-                <version>2.6.7</version>
+                <version>3.4.5</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -91,5 +91,16 @@
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>6.4.5</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <version>4.0.1</version>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 </project>

spring-boot-with-admin/admin/src/main/java/bny/training/spring/boot/admin/config/SecurityConfiguration.java

@@ -18,20 +18,23 @@
 
 import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import java.util.UUID;
 
 @Configuration(proxyBeanMethods = false)
-public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class SecurityConfiguration {
 
 // TODO: https://codecentric.github.io/spring-boot-admin/current/#_securing_spring_boot_admin_server
 // This configuration is not customized to our apps and provides basic authentication.
@@ -46,17 +49,17 @@ public SecurityConfiguration(AdminServerProperties adminServer, SecurityProperti
         this.security = security;
     }
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
         successHandler.setTargetUrlParameter("redirectTo");
         successHandler.setDefaultTargetUrl(this.adminServer.path("/"));
 
         http.authorizeRequests(
-                        authorizeRequests -> authorizeRequests.antMatchers(this.adminServer.path("/assets/**")).permitAll()
-                                .antMatchers(this.adminServer.path("/actuator/info")).permitAll()
-                                .antMatchers(this.adminServer.path("/actuator/health")).permitAll()
-                                .antMatchers(this.adminServer.path("/login")).permitAll().anyRequest().authenticated()
+                        authorizeRequests -> authorizeRequests.requestMatchers(this.adminServer.path("/assets/**")).permitAll()
+                                .requestMatchers(this.adminServer.path("/actuator/info")).permitAll()
+                                .requestMatchers(this.adminServer.path("/actuator/health")).permitAll()
+                                .requestMatchers(this.adminServer.path("/login")).permitAll().anyRequest().authenticated()
                 ).formLogin(
                         formLogin -> formLogin.loginPage(this.adminServer.path("/login")).successHandler(successHandler).and()
                 ).logout(logout -> logout.logoutUrl(this.adminServer.path("/logout"))).httpBasic(Customizer.withDefaults())
@@ -69,12 +72,17 @@ protected void configure(HttpSecurity http) throws Exception {
                                 new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))
                         ))
                 .rememberMe(rememberMe -> rememberMe.key(UUID.randomUUID().toString()).tokenValiditySeconds(1209600));
+        return http.build();
     }
 
     // Required to provide UserDetailsService for "remember functionality"
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication().withUser(security.getUser().getName())
-                .password("{noop}" + security.getUser().getPassword()).roles("USER");
+    @Bean
+    protected InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user = User.withDefaultPasswordEncoder()
+                .username(security.getUser().getName())
+                .password(security.getUser().getPassword())
+                .roles("USER")
+                .build();
+        return new InMemoryUserDetailsManager(user);
     }
 }

spring-boot-with-admin/notification/pom.xml

@@ -35,9 +35,8 @@
 		<maven.compiler.source>11</maven.compiler.source>
 		<maven.compiler.target>11</maven.compiler.target>
 
-		<log4j2.version>2.17.1</log4j2.version>
-		<spring-cloud.version>2021.0.0</spring-cloud.version>
-		<swagger2.version>2.6.0</swagger2.version>
+		<log4j2.version>2.24.3</log4j2.version>
+		<spring-cloud.version>2024.0.1</spring-cloud.version>
 	</properties>
 
 	<dependencyManagement>
@@ -52,7 +51,7 @@
 			<dependency>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-starter-parent</artifactId>
-				<version>2.6.3</version>
+				<version>3.4.5</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
@@ -107,7 +106,7 @@
 			<groupId>io.projectreactor</groupId>
 			<artifactId>reactor-test</artifactId>
 			<scope>test</scope>
-			<version>3.4.18</version>
+			<version>3.7.5</version>
 		</dependency>
 
     </dependencies>

spring-boot-with-admin/registry/pom.xml

@@ -35,15 +35,15 @@
 		<maven.compiler.source>11</maven.compiler.source>
 		<maven.compiler.target>11</maven.compiler.target>
 
-		<spring-cloud.version>2021.0.0</spring-cloud.version>
+		<spring-cloud.version>2024.0.1</spring-cloud.version>
 	</properties>
 
 	<dependencyManagement>
 		<dependencies>
             <dependency>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-starter-parent</artifactId>
-				<version>2.6.3</version>
+				<version>3.4.5</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>

spring-boot/todo/pom.xml

@@ -35,18 +35,14 @@
         <maven.compiler.source>11</maven.compiler.source>
         <maven.compiler.target>11</maven.compiler.target>
 
-        <log4j2.version>2.17.1</log4j2.version>
-        <logback-core.version>1.1.7</logback-core.version>
-        <commons-lang3.version>3.11</commons-lang3.version>
+        <log4j2.version>2.24.3</log4j2.version>
+        <logback-core.version>1.5.18</logback-core.version>
+        <commons-lang3.version>3.17.0</commons-lang3.version>
 
-        <swagger2.version>2.6.0</swagger2.version>
+        <springfox.version>3.0.0</springfox.version>
 
-        <jackson.version>2.21.1</jackson.version>
-
-        <dbunit.version>2.7.0</dbunit.version>
+        <dbunit.version>3.0.0</dbunit.version>
         <spring-test-dbunit.version>1.3.0</spring-test-dbunit.version>
-
-        <rest-assured.version>3.0.3</rest-assured.version>
     </properties>
 
     <dependencyManagement>
@@ -61,7 +57,7 @@
             <dependency>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-starter-parent</artifactId>
-                <version>2.4.2</version>
+                <version>3.4.5</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -123,17 +119,17 @@
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-core</artifactId>
-            <version>${swagger2.version}</version>
+            <version>${springfox.version}</version>
         </dependency>
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-swagger2</artifactId>
-            <version>${swagger2.version}</version>
+            <version>${springfox.version}</version>
         </dependency>
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-swagger-ui</artifactId>
-            <version>${swagger2.version}</version>
+            <version>${springfox.version}</version>
         </dependency>
 
         <!-- Embedded database -->
@@ -163,12 +159,12 @@
         <dependency>
             <groupId>io.rest-assured</groupId>
             <artifactId>rest-assured</artifactId>
-            <version>4.3.3</version>
+            <version>5.5.1</version>
         </dependency>
         <dependency>
             <groupId>io.rest-assured</groupId>
             <artifactId>json-path</artifactId>
-            <version>4.3.3</version>
+            <version>5.5.1</version>
         </dependency>
 
         <dependency>
@@ -182,7 +178,23 @@
                 </exclusion>
             </exclusions>
         </dependency>
-
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.validation</groupId>
+            <artifactId>jakarta.validation-api</artifactId>
+            <version>2.0.2</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.persistence</groupId>
+            <artifactId>javax.persistence-api</artifactId>
+            <version>2.2</version>
+            <scope>compile</scope>
+        </dependency>
     </dependencies>
 
     <build>

spring-boot/todo/src/test/java/bny/training/spring/boot/todo/AbstractTodoMockSetupTest.java

@@ -25,9 +25,9 @@
 
 import java.util.Arrays;
 
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isNull;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 

spring-framework/ch06_spring-jpa/pom.xml

@@ -99,7 +99,7 @@
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-entitymanager</artifactId>
-            <version>5.6.15.Final</version>
+            <version>6.0.0.Alpha7</version>
         </dependency>
 
         <!-- H2 DB -->

spring-framework/ch06_spring-jpa/src/main/java/bny/training/spring/framework/dao/ColoredShapeDaoImpl.java

@@ -17,9 +17,10 @@
 package bny.training.spring.framework.dao;
 
 import bny.training.spring.framework.model.ColoredShape;
-import jakarta.persistence.EntityManager;
-import jakarta.persistence.PersistenceContext;
-
+import java.util.Objects;
+import org.hibernate.Session;
+import org.hibernate.SessionFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
@@ -28,24 +29,28 @@
 @Transactional(readOnly = true)
 public class ColoredShapeDaoImpl implements ColoredShapeDao {
 
-    @PersistenceContext
-    private EntityManager em;
+    @Autowired
+    private SessionFactory sessionFactory;
+
+    protected Session getSession() {
 
+        return this.sessionFactory.getCurrentSession();
+    }
 
     @Override
     public ColoredShape findById(final Long id) {
 
-        return (ColoredShape) em
-                .createQuery("SELECT c FROM ColoredShape c WHERE c.id LIKE :id")
-                .setParameter("id", id)
-                .setMaxResults(1)
-                .getResultList().get(0);
+        return getSession().get(ColoredShape.class, id);
     }
 
     @Override
     @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW)
     public void save(final ColoredShape coloredShape) {
 
-        em.merge(coloredShape);
+        if (Objects.isNull(getSession().find(ColoredShape.class, coloredShape.getId()))) {
+            getSession().persist(coloredShape);
+        } else {
+            getSession().merge(coloredShape);
+        }
     }
 }

spring-framework/ch08_spring-rest/pom.xml

@@ -106,17 +106,17 @@
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-core</artifactId>
-            <version>${swagger2.version}</version>
+            <version>${springfox.version}</version>
         </dependency>
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-swagger2</artifactId>
-            <version>${swagger2.version}</version>
+            <version>${springfox.version}</version>
         </dependency>
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-swagger-ui</artifactId>
-            <version>${swagger2.version}</version>
+            <version>${springfox.version}</version>
         </dependency>
 
 

spring-framework/pom.xml

@@ -38,21 +38,21 @@
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.target>17</maven.compiler.target>
 
-        <spring-framework.version>6.0.8</spring-framework.version>
-        <spring-data.jpa>3.0.5</spring-data.jpa>
+        <spring-framework.version>6.2.6</spring-framework.version>
+        <spring-data.jpa>3.4.5</spring-data.jpa>
 
-        <junit5.version>5.9.3</junit5.version>
+        <junit5.version>5.12.2</junit5.version>
 
-        <logback.version>1.4.6</logback.version>
+        <logback.version>1.5.18</logback.version>
 
-        <h2-database.version>2.1.214</h2-database.version>
-        <hibernate.version>6.1.7.Final</hibernate.version>
-        <jcl-over-slf4j.version>2.0.5</jcl-over-slf4j.version>
+        <h2-database.version>2.3.232</h2-database.version>
+        <hibernate.version>6.6.13.Final</hibernate.version>
+        <jcl-over-slf4j.version>2.0.17</jcl-over-slf4j.version>
 
-        <jackson.version>2.4.0</jackson.version>
-        <jaxb-api.version>4.0.0</jaxb-api.version>
+        <jackson.version>2.19.0</jackson.version>
+        <jaxb-api.version>4.0.2</jaxb-api.version>
 
-        <swagger2.version>2.6.0</swagger2.version>
+        <springfox.version>3.0.0</springfox.version>
     </properties>
 
     <modules>
@@ -78,7 +78,7 @@
             <dependency>
                 <groupId>jakarta.persistence</groupId>
                 <artifactId>jakarta.persistence-api</artifactId>
-                <version>3.1.0</version>
+                <version>3.2.0</version>
             </dependency>
         </dependencies>
     </dependencyManagement>