CCD-5196 Changes made to resolve CVE (#147)

* Changes made to resolve CVE

* Resolved Spring Boot CVE

---------

Co-authored-by: shahir-ali <[email protected]>

Author: Chris-Hodgson-HMCTS

build.gradle

@@ -61,6 +61,13 @@ configurations {
   smokeTestRuntimeOnly.extendsFrom runtimeOnly
 }
 
+//configurations.all {
+//  resolutionStrategy.dependencySubstitution {
+//    substitute module("ch.qos.logback:logback-classic:1.2.12") with project('ch.qos.logback:logback-classic:1.3.14')
+//    substitute module("ch.qos.logback:logback-core:1.2.12") with project('ch.qos.logback:logback-core:1.3.14')
+//  }
+//}
+
 tasks.withType(JavaCompile) {
   options.compilerArgs << "-Xlint:unchecked" << "-Werror"
 }
@@ -181,6 +188,7 @@ dependencies {
 
   implementation("org.springframework.cloud:spring-cloud-starter-bootstrap")
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
+
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-aop'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-json'
   implementation group: 'org.springframework', name: 'spring-context-support'
@@ -266,8 +274,9 @@ wrapper {
 
 configurations.all {
   exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
-  exclude group: 'org.springframework.boot', module: 'spring-boot-starter-security'
+  exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging'
   exclude group: 'org.springframework.security', module: 'spring-security-rsa'
+  exclude group: 'ch.qos.logback', module: 'logback-classic'
 }
 
 test {

config/owasp/suppressions.xml

@@ -3,7 +3,6 @@
     <notes>Temporary Suppression
         CVE-2023-34055 refer [Ticket]
         CVE-2023-35116 refer [Ticket]
-        CVE-2023-6481 refer [Ticket]
     </notes>
     <cve>CVE-2023-34055</cve>
     <cve>CVE-2023-35116</cve>