From 250f9f3c61435038b8ee5c17054e68fce8fdbb3f Mon Sep 17 00:00:00 2001 From: Ben Lang <132359359+lang-ben@users.noreply.github.com> Date: Thu, 17 Jul 2025 14:26:32 +0100 Subject: [PATCH 1/9] CCD-6618 : Reduce unnecessary dependencies --- build.gradle | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/build.gradle b/build.gradle index 534b136..99cf3dd 100644 --- a/build.gradle +++ b/build.gradle @@ -189,12 +189,9 @@ ext { dependencies { // start::CVE Vulnerability dependency overrides // MAIN PARENT DEPENDEDNCY - implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.6.0' // idam-java-client - implementation group: 'commons-io', name: 'commons-io', version: '2.19.0' // idam-java-client - implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: log4JVersion // spring-cloud-starter-bootstrap - implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: log4JVersion // spring-cloud-starter-bootstrap - testImplementation group: 'org.mockito', name: 'mockito-junit-jupiter', version:'5.15.2' // spring-boot-starter-test + // put CVE vulnerability (sub)dependency overrides here e.g. + // implementation group: 'com.example', name: 'example-lib', version: '1.2.3' // end::CVE Vulnerability dependency overrides // MAIN PARENT DEPENDEDNCY @@ -214,7 +211,7 @@ dependencies { implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.9' // HMCTS - implementation group: 'com.github.hmcts', name: 'ccd-client', version: '5.1.1' + implementation group: 'com.github.hmcts', name: 'core-case-data-store-client', version: '5.1.1' implementation group: 'com.github.hmcts', name: 'idam-java-client', version: '3.0.4' implementation group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: '5.3.3' implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: '6.1.9' From 637b253bdf2ab3b27e31df05dbc77c468da2ec3f Mon Sep 17 00:00:00 2001 From: Ben Lang <132359359+lang-ben@users.noreply.github.com> Date: Mon, 11 Aug 2025 17:25:53 +0100 Subject: [PATCH 2/9] sonar skipJreProvisioning --- build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/build.gradle b/build.gradle index 8778a4c..c08d650 100644 --- a/build.gradle +++ b/build.gradle @@ -132,6 +132,7 @@ sonarqube { properties { property "sonar.projectName", "ccd-case-migration-starter" property "sonar.projectKey", "ccd-case-migration-starter" + property "sonar.scanner.skipJreProvisioning", true property "sonar.exclusions", "**/exception/*.java,**/domain/*.java,**/common/*.java,**/migration/auth/AuthTokenGeneratorConfiguration.java,**/migration/CaseMigrationRunner.java,**/ccd/HttpMessageConverterConfiguration.java" property "sonar.coverage.jacoco.xmlReportPaths", "${project.buildDir}/reports/jacoco/test/jacocoTestReport.xml" } From e7d73cbc4e57d82d322ae7fea4c66ab9085a7909 Mon Sep 17 00:00:00 2001 From: Ben Lang <132359359+lang-ben@users.noreply.github.com> Date: Mon, 11 Aug 2025 17:30:34 +0100 Subject: [PATCH 3/9] rollback sonar --- build.gradle | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index c08d650..eb6fe8f 100644 --- a/build.gradle +++ b/build.gradle @@ -8,7 +8,7 @@ plugins { id 'io.freefair.lombok' version '8.14' id 'io.spring.dependency-management' version '1.1.7' id 'org.owasp.dependencycheck' version '12.1.3' - id 'org.sonarqube' version '6.2.0.5505' + id 'org.sonarqube' version '6.0.1.5171' id 'org.springframework.boot' version '3.5.4' id 'uk.gov.hmcts.java' version '0.12.67' } @@ -132,7 +132,6 @@ sonarqube { properties { property "sonar.projectName", "ccd-case-migration-starter" property "sonar.projectKey", "ccd-case-migration-starter" - property "sonar.scanner.skipJreProvisioning", true property "sonar.exclusions", "**/exception/*.java,**/domain/*.java,**/common/*.java,**/migration/auth/AuthTokenGeneratorConfiguration.java,**/migration/CaseMigrationRunner.java,**/ccd/HttpMessageConverterConfiguration.java" property "sonar.coverage.jacoco.xmlReportPaths", "${project.buildDir}/reports/jacoco/test/jacocoTestReport.xml" } From b6562863b8a4f0e12f27f69a41aaab7c65344b4a Mon Sep 17 00:00:00 2001 From: Ben Lang <132359359+lang-ben@users.noreply.github.com> Date: Wed, 17 Sep 2025 16:54:27 +0100 Subject: [PATCH 4/9] latest versions --- build.gradle | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/build.gradle b/build.gradle index eb6fe8f..319eb6c 100644 --- a/build.gradle +++ b/build.gradle @@ -5,11 +5,11 @@ plugins { id 'java' id 'com.github.ben-manes.versions' version '0.51.0' // 52 is bugged id 'com.github.kt3k.coveralls' version '2.12.2' - id 'io.freefair.lombok' version '8.14' + id 'io.freefair.lombok' version '8.14.2' id 'io.spring.dependency-management' version '1.1.7' id 'org.owasp.dependencycheck' version '12.1.3' - id 'org.sonarqube' version '6.0.1.5171' - id 'org.springframework.boot' version '3.5.4' + id 'org.sonarqube' version '6.3.1.5724' + id 'org.springframework.boot' version '3.5.5' id 'uk.gov.hmcts.java' version '0.12.67' } @@ -166,8 +166,8 @@ repositories { ext { set('springCloudVersion', '2025.0.0') - set('spring-framework.version', '6.2.9') - set('spring-security.version', '6.5.2') + set('spring-framework.version', '6.2.11') + set('spring-security.version', '6.5.3') set('jackson.version', '2.18.2') set('snakeyaml.version', '2.3') log4JVersion = '2.25.1' @@ -207,7 +207,7 @@ dependencies { implementation group: 'org.springframework.security', name: 'spring-security-oauth2-jose' implementation group: 'org.springframework.security', name: 'spring-security-oauth2-core' implementation group: 'org.springframework.security', name: 'spring-security-config' - implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.9' + implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.13' // HMCTS implementation group: 'com.github.hmcts', name: 'core-case-data-store-client', version: '5.1.1' @@ -217,7 +217,7 @@ dependencies { testImplementation libraries.junit5 testImplementation group: 'com.github.hmcts', name: 'fortify-client', version: '1.4.10', classifier: 'all' - testImplementation group: 'io.rest-assured', name: 'rest-assured', version: '5.5.5' + testImplementation group: 'io.rest-assured', name: 'rest-assured', version: '5.5.6' testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test' testImplementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-contract-stub-runner', version: '4.3.0' From d699848ab05eb9c5943d7a89494daadb6ece37a9 Mon Sep 17 00:00:00 2001 From: Ben Lang <132359359+lang-ben@users.noreply.github.com> Date: Thu, 18 Sep 2025 09:44:48 +0100 Subject: [PATCH 5/9] attempt to fix sonar issue --- build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/build.gradle b/build.gradle index 319eb6c..4a9c842 100644 --- a/build.gradle +++ b/build.gradle @@ -134,6 +134,7 @@ sonarqube { property "sonar.projectKey", "ccd-case-migration-starter" property "sonar.exclusions", "**/exception/*.java,**/domain/*.java,**/common/*.java,**/migration/auth/AuthTokenGeneratorConfiguration.java,**/migration/CaseMigrationRunner.java,**/ccd/HttpMessageConverterConfiguration.java" property "sonar.coverage.jacoco.xmlReportPaths", "${project.buildDir}/reports/jacoco/test/jacocoTestReport.xml" + property "sonar.scanner.skipJreProvisioning", "true" } } From bdfc46385096df088f9c06f28f1e3530c728c757 Mon Sep 17 00:00:00 2001 From: Ben Lang <132359359+lang-ben@users.noreply.github.com> Date: Thu, 18 Sep 2025 11:29:21 +0100 Subject: [PATCH 6/9] second sonar fix --- build.gradle | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/build.gradle b/build.gradle index 4a9c842..60559de 100644 --- a/build.gradle +++ b/build.gradle @@ -138,6 +138,21 @@ sonarqube { } } + +// Configure JVM arguments for SonarQube to handle SSL truststore issues +tasks.named('sonarqube') { + doFirst { + jvmArgs = [ + '-Dcom.sun.net.ssl.checkRevocation=false', + '-Dtrust_all_cert=true', + '--add-opens', 'java.base/java.lang=ALL-UNNAMED', + '--add-opens', 'java.base/java.nio=ALL-UNNAMED', + '--add-opens', 'java.base/sun.nio.ch=ALL-UNNAMED', + '--add-opens', 'java.management/sun.management=ALL-UNNAMED' + ] + } +} + // before committing a change, make sure task still works dependencyUpdates { def isNonStable = { String version -> From 84c71d59cbc6a4aae950bd9a6b0aeedfdb56b2cf Mon Sep 17 00:00:00 2001 From: Ben Lang <132359359+lang-ben@users.noreply.github.com> Date: Thu, 18 Sep 2025 11:44:43 +0100 Subject: [PATCH 7/9] sonar fix remove coveralls conflict --- build.gradle | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/build.gradle b/build.gradle index 60559de..36ab9ee 100644 --- a/build.gradle +++ b/build.gradle @@ -4,7 +4,7 @@ plugins { id 'jacoco' id 'java' id 'com.github.ben-manes.versions' version '0.51.0' // 52 is bugged - id 'com.github.kt3k.coveralls' version '2.12.2' + // id 'com.github.kt3k.coveralls' version '2.12.2' id 'io.freefair.lombok' version '8.14.2' id 'io.spring.dependency-management' version '1.1.7' id 'org.owasp.dependencycheck' version '12.1.3' @@ -134,22 +134,8 @@ sonarqube { property "sonar.projectKey", "ccd-case-migration-starter" property "sonar.exclusions", "**/exception/*.java,**/domain/*.java,**/common/*.java,**/migration/auth/AuthTokenGeneratorConfiguration.java,**/migration/CaseMigrationRunner.java,**/ccd/HttpMessageConverterConfiguration.java" property "sonar.coverage.jacoco.xmlReportPaths", "${project.buildDir}/reports/jacoco/test/jacocoTestReport.xml" - property "sonar.scanner.skipJreProvisioning", "true" - } -} - - -// Configure JVM arguments for SonarQube to handle SSL truststore issues -tasks.named('sonarqube') { - doFirst { - jvmArgs = [ - '-Dcom.sun.net.ssl.checkRevocation=false', - '-Dtrust_all_cert=true', - '--add-opens', 'java.base/java.lang=ALL-UNNAMED', - '--add-opens', 'java.base/java.nio=ALL-UNNAMED', - '--add-opens', 'java.base/sun.nio.ch=ALL-UNNAMED', - '--add-opens', 'java.management/sun.management=ALL-UNNAMED' - ] + property "sonar.scanner.skipJreProvisioning", true + property "sonar.scanner.skipSystemTruststore", true } } From 46d20f8e39b32d5b8cebf22d02687d95d2ccb580 Mon Sep 17 00:00:00 2001 From: Ben Lang <132359359+lang-ben@users.noreply.github.com> Date: Thu, 18 Sep 2025 12:05:10 +0100 Subject: [PATCH 8/9] put back coveralls to see if that was infact the issue --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 36ab9ee..4ce98c1 100644 --- a/build.gradle +++ b/build.gradle @@ -4,7 +4,7 @@ plugins { id 'jacoco' id 'java' id 'com.github.ben-manes.versions' version '0.51.0' // 52 is bugged - // id 'com.github.kt3k.coveralls' version '2.12.2' + id 'com.github.kt3k.coveralls' version '2.12.2' id 'io.freefair.lombok' version '8.14.2' id 'io.spring.dependency-management' version '1.1.7' id 'org.owasp.dependencycheck' version '12.1.3' From 4573ca0642f494f7e4dea8bb8d3ff979ee48b1c1 Mon Sep 17 00:00:00 2001 From: Ben Lang <132359359+lang-ben@users.noreply.github.com> Date: Thu, 18 Sep 2025 12:09:22 +0100 Subject: [PATCH 9/9] apply only the coverall change --- build.gradle | 3 --- 1 file changed, 3 deletions(-) diff --git a/build.gradle b/build.gradle index 4ce98c1..6981524 100644 --- a/build.gradle +++ b/build.gradle @@ -4,7 +4,6 @@ plugins { id 'jacoco' id 'java' id 'com.github.ben-manes.versions' version '0.51.0' // 52 is bugged - id 'com.github.kt3k.coveralls' version '2.12.2' id 'io.freefair.lombok' version '8.14.2' id 'io.spring.dependency-management' version '1.1.7' id 'org.owasp.dependencycheck' version '12.1.3' @@ -134,8 +133,6 @@ sonarqube { property "sonar.projectKey", "ccd-case-migration-starter" property "sonar.exclusions", "**/exception/*.java,**/domain/*.java,**/common/*.java,**/migration/auth/AuthTokenGeneratorConfiguration.java,**/migration/CaseMigrationRunner.java,**/ccd/HttpMessageConverterConfiguration.java" property "sonar.coverage.jacoco.xmlReportPaths", "${project.buildDir}/reports/jacoco/test/jacocoTestReport.xml" - property "sonar.scanner.skipJreProvisioning", true - property "sonar.scanner.skipSystemTruststore", true } }