hmcts
diff --git a/‎build.gradle‎
Lines changed: 65 additions & 103 deletions b/‎build.gradle‎
Lines changed: 65 additions & 103 deletions
diff --git a/‎config/owasp/suppressions.xml‎
Lines changed: 0 additions & 8 deletions b/‎config/owasp/suppressions.xml‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎gradle/wrapper/gradle-wrapper.jar‎
-19.3 KB b/‎gradle/wrapper/gradle-wrapper.jar‎
-19.3 KB
diff --git a/‎gradle/wrapper/gradle-wrapper.properties‎
Lines changed: 1 addition & 1 deletion b/‎gradle/wrapper/gradle-wrapper.properties‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎gradlew‎
Lines changed: 13 additions & 9 deletions b/‎gradlew‎
Lines changed: 13 additions & 9 deletions
diff --git a/‎gradlew.bat‎
Lines changed: 12 additions & 10 deletions b/‎gradlew.bat‎
Lines changed: 12 additions & 10 deletions
@@ -3,12 +3,13 @@ plugins {
   id 'checkstyle'
   id 'jacoco'
   id 'java'
-  id "io.freefair.lombok" version "8.10.2"
-  id 'io.spring.dependency-management' version '1.1.0'
-  id 'org.springframework.boot' version '2.7.18'
-  id 'com.github.kt3k.coveralls' version '2.12.2'
   id 'com.github.ben-manes.versions' version '0.51.0'
-  id 'org.sonarqube' version '5.1.0.4882'
+  id 'com.github.kt3k.coveralls' version '2.12.2'
+  id 'io.freefair.lombok' version '8.12'
+  id 'io.spring.dependency-management' version '1.1.7'
+  id 'org.owasp.dependencycheck' version '11.1.1'
+  id 'org.sonarqube' version '6.0.1.5171'
+  id 'org.springframework.boot' version '3.4.1'
   id 'uk.gov.hmcts.java' version '0.12.63'
 }
 
@@ -21,6 +22,10 @@ java {
   }
 }
 
+application {
+  mainClass = 'uk.gov.hmcts.ccd.casemigration.CaseMigrationRunner'
+}
+
 sourceSets {
   functionalTest {
     java {
@@ -61,13 +66,6 @@ configurations {
   smokeTestRuntimeOnly.extendsFrom runtimeOnly
 }
 
-//configurations.all {
-//  resolutionStrategy.dependencySubstitution {
-//    substitute module("ch.qos.logback:logback-classic:1.2.12") with project('ch.qos.logback:logback-classic:1.3.14')
-//    substitute module("ch.qos.logback:logback-core:1.2.12") with project('ch.qos.logback:logback-core:1.3.14')
-//  }
-//}
-
 tasks.withType(JavaCompile) {
   options.compilerArgs << "-Xlint:unchecked" << "-Werror"
 }
@@ -85,10 +83,6 @@ tasks.withType(Test) {
   }
 }
 
-test {
-  failFast = true
-}
-
 task functional(type: Test) {
   description = "Runs functional tests"
   group = "Verification"
@@ -139,7 +133,7 @@ sonarqube {
     property "sonar.projectName", "ccd-case-migration-starter"
     property "sonar.projectKey", "ccd-case-migration-starter"
     property "sonar.exclusions", "**/exception/*.java,**/domain/*.java,**/common/*.java,**/migration/auth/AuthTokenGeneratorConfiguration.java,**/migration/CaseMigrationRunner.java,**/ccd/HttpMessageConverterConfiguration.java"
-    property "sonar.coverage.jacoco.xmlReportPaths", "${jacocoTestReport.reports.xml.outputLocation}"
+    property "sonar.coverage.jacoco.xmlReportPaths", "${project.buildDir}/reports/jacoco/test/jacocoTestReport.xml"
   }
 }
 
@@ -164,102 +158,76 @@ dependencyCheck {
 repositories {
   mavenLocal()
   mavenCentral()
-  maven { url 'https://jitpack.io' }
+  maven { url = 'https://jitpack.io' }
 }
 
 ext {
-  log4JVersion = "2.20.0"
-  restAssuredVersion = '4.3.0!!'
-  lombokVersion = "1.18.34"
-  junit_version = "4.12"
-  junitJupiterVersion = '5.9.3'
-  junitVintageVersion = '5.9.3'
-  powermockVersion = '2.0.9'
-  springSecurity   =  '5.8.15'
-  springCloudVersion = '2021.0.7'
+  set('springCloudVersion', '2024.0.0')
+  set('spring-framework.version', '6.2.1')
+  set('spring-security.version', '6.4.2')
+  set('jackson.version', '2.18.2')
+  set('snakeyaml.version', '2.3')
+  log4JVersion = '2.24.3'
+  junitVersion = '5.11.4'
+  junitPlatform = '1.11.4'
+
+  libraries = [
+    junit5: [
+      "org.junit.jupiter:junit-jupiter-api:${junitVersion}",
+      "org.junit.jupiter:junit-jupiter-engine:${junitVersion}",
+      "org.junit.jupiter:junit-jupiter-params:${junitVersion}",
+      "org.junit.platform:junit-platform-commons:${junitPlatform}",
+      "org.junit.platform:junit-platform-engine:${junitPlatform}",
+      "org.apiguardian:apiguardian-api:1.1.2"
+    ]
+  ]
 }
 
-ext['jackson.version'] = '2.16.0'
-ext['snakeyaml.version'] = '2.0'
-ext['spring-security.version'] = '5.8.15'
-
 dependencies {
-  //implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.37.2' //Fix for CVE-2023-52428
-
-  implementation("org.springframework.cloud:spring-cloud-starter-bootstrap")
-  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
-
-  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-aop'
-  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-json'
-  implementation group: 'org.springframework', name: 'spring-context-support'
-  implementation group: 'com.github.hmcts', name: 'idam-java-client', version: '1.5.5'
-  implementation group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: '3.1.4'
-  implementation group: 'com.github.hmcts', name: 'core-case-data-store-client', version: '4.9.2'
 
-  testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test'
-  testImplementation group: 'com.github.tomakehurst', name: 'wiremock', version: '2.33.2'
+  // start::CVE Vulnerability dependency overrides                                                    // MAIN PARENT DEPENDEDNCY
+  implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'              // idam-java-client
+  implementation group: 'commons-io', name: 'commons-io', version: '2.17.0'                           // idam-java-client
+  implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: log4JVersion          // spring-cloud-starter-bootstrap
+  implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: log4JVersion     // spring-cloud-starter-bootstrap
 
-  implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.7.0'
+  testImplementation group: 'org.mockito', name: 'mockito-junit-jupiter', version:'5.15.2'            // spring-boot-starter-test
 
-  implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: '6.0.1'
-  implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.5.6'
-  implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.5.6'
+  // end::CVE Vulnerability dependency overrides                                                      // MAIN PARENT DEPENDEDNCY
 
-  implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: log4JVersion
-  implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: log4JVersion
-  testImplementation group: 'io.rest-assured', name: 'rest-assured', version: '4.5.1'
+  // SPRING
+  implementation group: 'org.springframework', name: 'spring-context-support'
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
 
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-aop'
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-json'
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap'
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-resource-server'
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-client'
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-jose'
+  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-core'
+  implementation group: 'org.springframework.security', name: 'spring-security-config'
+
+  implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.1'
+
+  // HMCTS
+  implementation group: 'com.github.hmcts', name: 'ccd-client', version: '5.0.3'
+  implementation group: 'com.github.hmcts', name: 'idam-java-client', version: '3.0.3'
+  implementation group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: '5.2.0'
+  implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: '6.1.6'
+
+  testImplementation libraries.junit5
+  testImplementation group: 'com.github.hmcts', name: 'fortify-client', version: '1.4.6', classifier: 'all'
+  testImplementation group: 'io.rest-assured', name: 'rest-assured', version: '5.5.0'
   testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test'
+  testImplementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-contract-stub-runner', version: '4.1.4'
 
-  testImplementation('org.junit.jupiter:junit-jupiter:5.9.3')
-  testImplementation "org.junit.jupiter:junit-jupiter-api:${junitJupiterVersion}"
-  testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:${junitJupiterVersion}"
-  testRuntimeOnly "org.junit.vintage:junit-vintage-engine:${junitVintageVersion}"
-  testImplementation group:'org.mockito', name: 'mockito-junit-jupiter', version:'3.12.4'
-  testImplementation group: 'org.powermock', name: 'powermock-api-mockito2', version: powermockVersion
-  testImplementation group: 'org.powermock', name: 'powermock-module-junit4', version: powermockVersion
-  testRuntimeOnly "org.junit.platform:junit-platform-commons:1.9.3"
-  implementation group: 'org.projectlombok', name: 'lombok', version: lombokVersion
-  annotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
-  testAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
-
-  testImplementation 'com.github.hmcts:fortify-client:1.3.0:all'
-
-  implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
-  implementation group: 'commons-io', name: 'commons-io', version: '2.12.0'
-  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-resource-server', version: springSecurity
-  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-client', version: springSecurity
-  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-jose', version: springSecurity
-  implementation group: 'org.springframework.security', name: 'spring-security-oauth2-core', version: springSecurity
-  implementation group: 'org.springframework.security', name: 'spring-security-config', version: springSecurity
 }
 
 dependencyManagement {
   imports {
     mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
   }
-
-  dependencies {
-    dependency 'com.google.guava:guava:30.1.1-jre'
-
-    dependencySet(group: 'commons-beanutils', version: '1.9.4') {
-      entry 'commons-beanutils'
-    }
-
-    dependencySet(group: 'io.rest-assured', version: '4.5.1') {
-      entry 'json-path'
-      entry 'xml-path'
-    }
-    dependencySet(group: 'org.codehaus.groovy', version: '3.0.17') {
-      entry 'groovy'
-      entry 'groovy-xml'
-      entry 'groovy-json'
-    }
-  }
-}
-
-application {
-  mainClass = 'uk.gov.hmcts.reform.migration.CaseMigrationRunner'
 }
 
 bootJar {
@@ -272,27 +240,21 @@ wrapper {
     distributionType = Wrapper.DistributionType.ALL
 }
 
-configurations.all {
-  exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
-  exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging'
-  exclude group: 'org.springframework.security', module: 'spring-security-rsa'
-  exclude group: 'ch.qos.logback', module: 'logback-classic'
-}
-
 test {
   timeout = Duration.ofMinutes(30)
   environment("AZURE_APPLICATIONINSIGHTS_INSTRUMENTATIONKEY", "some-key")
   systemProperty 'java.locale.providers', 'COMPAT'
+  failFast = true
 
   useJUnitPlatform()
 
   testLogging {
     events "failed"
-    exceptionFormat "short"
+    exceptionFormat = "short"
 
     debug {
       events "passed", "started", "skipped", "failed"
-      exceptionFormat "full"
+      exceptionFormat = "full"
     }
 
     info.events = ["failed", "skipped"]
 
@@ -1,10 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?><suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-  <suppress>
-    <notes>
-        CVE-2023-52428 refer [https://tools.hmcts.net/jira/browse/CCD-6285]
-        CVE-2024-38820 refer [https://tools.hmcts.net/jira/browse/CCD-6278]
-    </notes>
-    <cve>CVE-2023-52428</cve>
-    <cve>CVE-2024-38820</cve>
-  </suppress>
 </suppressions>
@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.12.1-all.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -83,7 +85,9 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -144,15 +148,15 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -201,11 +205,11 @@ fi
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
 
@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail