VUL-6359 (#1132)

lukasz-wolski · github-actions[bot] · web-flow · commit db94066701c5 · 2026-03-10T09:40:35.000Z
* library updates

- checkstyle 12.2.0
- spring-boot 3.4.10
- pact 4.6.19
- poi 5.5.0
- serenity 4.3.3
- pmd 7.19.0
- postgresql 42.7.7
- azure-messaging-servicebus 7.17.17
- openapi 2.8.10
- wiremock 3.13.2
- spring-cloud-contract-wiremock 4.2.3
-

* poi 4.1.2

* replaced deprecated annotation

* checkstyle

* changed how 'null' value is set in contract tests

* local testcontainers

* local env db config guarded by LOCAL_DB_INTEGRATION

* testcontainers 1.21.4

* spring-cloud 2024.0.0

* removed local env db config guarded by LOCAL_DB_INTEGRATION

* spring-cloud 2024.0.3

* removed resetting generated child ids

* reform logging 8.0.0

* addressed ObjectOptimisticLockingFailureException in
should_update_IdamId_when_reinvite_staff_user_true_in_crd

---------

Co-authored-by: github-actions[bot] &lt;41898282+github-actions[bot]@users.noreply.github.com&gt;
diff --git a/build.gradle b/build.gradle
@@ -12,13 +12,14 @@ plugins {
     id 'idea'
     id 'jacoco'
     id 'pmd'
+    id 'checkstyle'
     id 'com.github.ben-manes.versions' version '0.53.0'
     id "info.solidsoft.pitest" version '1.15.0'
     id 'io.spring.dependency-management' version '1.1.7'
     id 'org.sonarqube' version '7.0.0.6105'
-    id 'org.springframework.boot' version '3.3.7'
+    id 'org.springframework.boot' version '3.4.10'
     id "org.flywaydb.flyway" version '11.14.0'
-    id 'au.com.dius.pact' version '4.6.17'
+    id 'au.com.dius.pact' version '4.6.19'
     id 'org.owasp.dependencycheck' version '12.1.6'
     id 'net.serenity-bdd.serenity-gradle-plugin' version '4.2.34'
 }
@@ -29,11 +30,11 @@ def versions = [
   commonsLang3       : '3.17.0',
   lombok             : '1.18.42',
   reformHealthStarter: '0.0.5',
-  reformLogging      : '6.1.9',
+  reformLogging      : '8.0.0',
   sonarPitest        : '0.5',
   jackson            : '2.18.2',
   junitPitest        : '1.2.1',
-  pact_version       : '4.6.16',
+  pact_version       : '4.6.19',
   launchDarklySdk    : '5.10.9',
   restAssured        : '4.3.3',
   log4j              : '2.25.2',
@@ -43,11 +44,11 @@ def versions = [
   bouncycastle       : '1.82',
   junit              : '5.11.4',
   junitPlatform      : '1.11.4',
-  serenity           : '4.2.34',
+  serenity           : '4.3.3',
 ]
 
 ext {
-  springCloudVersion = '2023.0.6'
+  springCloudVersion = '2024.0.3'
 }
 
 application {
@@ -166,7 +167,12 @@ configurations {
   pactTestRuntime.extendsFrom testRuntime
 }
 
+checkstyle {
+  toolVersion = "12.2.0"
+}
+
 pmd {
+  toolVersion = "7.19.0"
   ignoreFailures = true
   sourceSets = [sourceSets.main, sourceSets.test, sourceSets.integrationTest, sourceSets.functionalTest, sourceSets.smokeTest]
   reportsDir = file("$project.buildDir/reports/pmd")
@@ -389,7 +395,7 @@ dependencies {
   implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '10.5'
   implementation group: 'org.flywaydb', name: 'flyway-core'
   implementation group: 'org.flywaydb', name: 'flyway-database-postgresql'
-  implementation group: 'org.postgresql', name: 'postgresql'
+  implementation group: 'org.postgresql', name: 'postgresql', version: '42.7.7'
 
   implementation group: 'com.google.guava', name: 'guava', version: '33.5.0-jre'
   implementation group: 'jakarta.el', name: 'jakarta.el-api', version: '6.0.1'
@@ -404,14 +410,14 @@ dependencies {
   implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: versions.log4j
 
   implementation group: 'com.azure', name: 'azure-core', version: '1.57.0'
-  implementation group: 'com.azure', name: 'azure-messaging-servicebus', version: '7.17.15'
+  implementation group: 'com.azure', name: 'azure-messaging-servicebus', version: '7.17.17'
   implementation group: 'com.google.code.gson', name: 'gson', version: '2.13.2'
 
   implementation group: 'io.github.openfeign.form', name: 'feign-form', version: '3.8.0'
   implementation group: 'io.github.openfeign.form', name: 'feign-form-spring', version: '3.8.0'
   implementation "io.github.openfeign:feign-httpclient:13.6"
   implementation "com.github.hmcts.java-logging:logging:${versions.reformLogging}"
-  implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.6.0'
+  implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.10'
 
   testImplementation group: 'com.github.hmcts', name: 'rd-commons-lib', version: '0.1.3'
 
@@ -438,7 +444,7 @@ dependencies {
   testImplementation group: 'org.testcontainers', name: 'postgresql', version: versions.tc_postgresql
   testImplementation group: 'org.testcontainers', name: 'junit-jupiter', version: versions.tc_postgresql
   testImplementation group: 'org.testcontainers', name: 'testcontainers', version: versions.tc_postgresql
-  testImplementation group: 'org.wiremock', name: 'wiremock', version: '3.13.1'
+  testImplementation group: 'org.wiremock', name: 'wiremock', version: '3.13.2'
   testImplementation ("org.mockito:mockito-core:5.20.0") {
     exclude group: "net.bytebuddy", module: "byte-buddy"
     exclude group: "net.bytebuddy", module: "byte-buddy-agent"
@@ -466,7 +472,7 @@ dependencies {
   testImplementation group: 'com.github.mifmif', name: 'generex', version: '1.0.2'
   testImplementation 'com.github.hmcts:fortify-client:1.4.10:all'
 
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-contract-wiremock'
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-contract-wiremock', version: '4.2.3'
 
   testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test'
 
@@ -494,6 +500,7 @@ dependencies {
   integrationTestImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-params', version: versions.junit
   integrationTestImplementation group: 'org.junit.platform', name: 'junit-platform-commons', version: versions.junitPlatform
   integrationTestRuntimeOnly group: 'org.junit.platform', name: 'junit-platform-engine', version: versions.junitPlatform
+  integrationTestRuntimeOnly group: 'org.jetbrains.kotlin', name: 'kotlin-reflect'
 
   contractTestImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: versions.junit
   contractTestRuntimeOnly group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: versions.junit
diff --git a/src/contractTest/java/uk/gov/hmcts/reform/cwrdapi/CommonDataApiConsumerTest.java b/src/contractTest/java/uk/gov/hmcts/reform/cwrdapi/CommonDataApiConsumerTest.java
@@ -111,10 +111,10 @@ private DslPart createCrdListOfValuesResponse() {
                         .stringType("category_key","HearingChannel")
                         .stringType("key","video")
                         .stringType("value_en","Video")
-                        .stringType("value_cy",null)
-                        .stringType("hint_text_en",null)
-                        .stringType("hint_text_cy",null)
-                        .stringType("parent_category",null)
+                        .nullValue("value_cy")
+                        .nullValue("hint_text_en")
+                        .nullValue("hint_text_cy")
+                        .nullValue("parent_category")
                         .stringType("active_flag","Y")
                 )
         ).build();
diff --git a/src/contractTest/java/uk/gov/hmcts/reform/cwrdapi/JrdUserRequestV1ConsumerTest.java b/src/contractTest/java/uk/gov/hmcts/reform/cwrdapi/JrdUserRequestV1ConsumerTest.java
@@ -219,8 +219,8 @@ private DslPart createJrdFetchProfilesResponse() {
 
     private DslPart createJrdProfileUpdateRequest() {
         return newJsonBody(o -> o
-                .stringType("ccdServiceName", null)
-                .stringType("object_ids", null)
+                .nullValue("ccdServiceName")
+                .nullValue("object_ids")
                 .minArrayLike("sidam_ids", 1,
                         PactDslJsonRootValue.stringType("44362987-4b00-f2e7-4ff8-761b87f16bf9"),1)
         ).build();
@@ -237,7 +237,7 @@ private DslPart createJrdProfileUserRequest() {
     private DslPart createJrdProfileForServiceNameRequest() {
         return newJsonBody(o -> o
                 .stringType("ccdServiceName", "CMC")
-                .stringType("object_ids", null)
+                .nullValue("object_ids")
                 .minArrayLike("sidam_ids", 1,
                         PactDslJsonRootValue.stringType("44362987-4b00-f2e7-4ff8-761b87f16bf9"),1)
         ).build();
diff --git a/src/contractTest/java/uk/gov/hmcts/reform/cwrdapi/JrdUserRequestV2ConsumerTest.java b/src/contractTest/java/uk/gov/hmcts/reform/cwrdapi/JrdUserRequestV2ConsumerTest.java
@@ -227,8 +227,8 @@ private DslPart createJrdProfileSearchRequest() {
 
     private DslPart createJrdProfileUpdateRequest() {
         return newJsonBody(o -> o
-                .stringType("ccdServiceName", null)
-                .stringType("object_ids", null)
+                .nullValue("ccdServiceName")
+                .nullValue("object_ids")
                 .minArrayLike("sidam_ids", 1,
                         PactDslJsonRootValue.stringType("44362987-4b00-f2e7-4ff8-761b87f16bf9"),1)
         ).build();
@@ -237,7 +237,7 @@ private DslPart createJrdProfileUpdateRequest() {
     private DslPart createJrdProfileForServiceNameRequest() {
         return newJsonBody(o -> o
                 .stringType("ccdServiceName", "CMC")
-                .stringType("object_ids", null)
+                .nullValue("object_ids")
                 .minArrayLike("sidam_ids", 1,
                         PactDslJsonRootValue.stringType("44362987-4b00-f2e7-4ff8-761b87f16bf9"),1)
         ).build();
diff --git a/src/contractTest/java/uk/gov/hmcts/reform/cwrdapi/StaffReferenceDataProviderTest.java b/src/contractTest/java/uk/gov/hmcts/reform/cwrdapi/StaffReferenceDataProviderTest.java
@@ -18,9 +18,9 @@
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
-import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageImpl;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.RoleAdditionResponse;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.UserProfileResponse;
@@ -119,7 +119,7 @@ public class StaffReferenceDataProviderTest {
     @Mock
     private CaseWorkerWorkAreaRepository caseWorkerWorkAreaRepository;
 
-    @MockBean
+    @MockitoBean
     private LocationReferenceDataFeignClient locationReferenceDataFeignClient;
 
 
@@ -142,7 +142,7 @@ public class StaffReferenceDataProviderTest {
 
     @InjectMocks
     private StaffRefDataServiceImpl staffRefDataServiceImpl;
-    @MockBean
+    @MockitoBean
     private UserProfileFeignClient userProfileFeignClient;
     @Mock
     StaffProfileCreateUpdateUtil staffProfileCreateUpdateUtil;
diff --git a/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/service/ValidationServiceFacadeImplTest.java b/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/service/ValidationServiceFacadeImplTest.java
@@ -8,9 +8,9 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase;
 import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
-import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
 import uk.gov.hmcts.reform.cwrdapi.CaseWorkerRefApiApplication;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.CaseWorkerDomain;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.CaseWorkerProfile;
@@ -51,7 +51,7 @@ class ValidationServiceFacadeImplTest {
     @Autowired
     ExceptionCaseWorkerRepository exceptionCaseWorkerRepository;
 
-    @MockBean
+    @MockitoBean
     JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter;
 
     StaffAuditRepository staffAuditRepository = mock(StaffAuditRepository.class);
diff --git a/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/util/AuthorizationEnabledIntegrationTest.java b/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/util/AuthorizationEnabledIntegrationTest.java
@@ -11,17 +11,16 @@
 import net.serenitybdd.annotations.WithTag;
 import net.serenitybdd.annotations.WithTags;
 import org.flywaydb.core.Flyway;
-import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.extension.RegisterExtension;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
 import uk.gov.hmcts.reform.authorisation.generators.AuthTokenGenerator;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.AttributeResponse;
 import uk.gov.hmcts.reform.cwrdapi.client.domain.RoleAdditionResponse;
@@ -63,13 +62,13 @@
 @ContextConfiguration(classes = {TestConfig.class, RestTemplateConfiguration.class})
 public abstract class AuthorizationEnabledIntegrationTest extends SpringBootIntegrationTest {
 
-    @MockBean
+    @MockitoBean
     protected FeatureToggleServiceImpl featureToggleServiceImpl;
 
-    @MockBean
+    @MockitoBean
     protected TopicPublisher topicPublisher;
 
-    @MockBean
+    @MockitoBean
     LDClient ldClient;
 
     @Autowired
@@ -97,7 +96,7 @@ public abstract class AuthorizationEnabledIntegrationTest extends SpringBootInte
     @Value("${oidc.expiration}")
     private long expiration;
 
-    @MockBean
+    @MockitoBean
     AuthTokenGenerator authTokenGenerator;
 
     @Autowired
@@ -109,8 +108,8 @@ public abstract class AuthorizationEnabledIntegrationTest extends SpringBootInte
     @Autowired
     Flyway flyway;
 
-    @MockBean
-    protected static JwtDecoder jwtDecoder;
+    @MockitoBean
+    protected JwtDecoder jwtDecoder;
 
     @BeforeEach
     public void setUpClient() {
@@ -248,12 +247,6 @@ public void userProfilePostUserWireMock() {
                                 + "}")));
     }
 
-    @AfterEach
-    public void cleanupTestData() {
-        JwtDecoderMockBuilder.resetJwtDecoder();
-    }
-
-
     //removed UUID mock here and put in Test config,hence use this only for insert integration testing
     //for update use insert response UUID in test or other mock methods
     public void userProfileCreateUserWireMock(HttpStatus status) {
@@ -318,4 +311,3 @@ public boolean applyGlobally() {
         }
     }
 }
-
diff --git a/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/util/CaseWorkerReferenceDataClient.java b/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/util/CaseWorkerReferenceDataClient.java
@@ -24,6 +24,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.HttpStatusCodeException;
 import org.springframework.web.client.RestClientResponseException;
@@ -90,6 +91,8 @@ public class CaseWorkerReferenceDataClient {
     private long expiration;
     @Autowired
     Environment environment;
+    @Autowired
+    private JwtDecoder jwtDecoder;
     static String bearerToken;
     @Value("${idam.s2s-authorised.services}")
     private String serviceName;
@@ -504,7 +507,7 @@ public String getAndReturnBearerToken(String userId, String role) {
 
     public synchronized void mockJwtToken(String role, String userId, String bearerToken) {
         String[] bearerTokenArray = bearerToken.split(" ");
-        when(JwtDecoderMockBuilder.getJwtDecoder().decode(anyString())).thenReturn(decode(bearerTokenArray[1]));
+        when(jwtDecoder.decode(anyString())).thenReturn(decode(bearerTokenArray[1]));
     }
 
     private Jwt createJwt(String token, JWT parsedJwt) {
@@ -778,7 +781,6 @@ public CaseWorkerProfile generateCaseWorkerProfile(String caseWorkerId,
         List<CaseWorkerSkill> cwSkills = new ArrayList<>();
         CaseWorkerSkill caseWorkerSkill = new CaseWorkerSkill();
         cwSkills.add(caseWorkerSkill);
-        caseWorkerSkill.setCaseWorkerSkillId(1L);
         caseWorkerSkill.setCaseWorkerId(caseWorkerId);
         caseWorkerSkill.setSkillId(1L);
         caseWorkerSkill.setSkill(skill);
diff --git a/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/util/JwtDecoderMockBuilder.java b/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/util/JwtDecoderMockBuilder.java
diff --git a/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/util/JwtTokenUtil.java b/src/integrationTest/java/uk/gov/hmcts/reform/cwrdapi/util/JwtTokenUtil.java
@@ -71,7 +71,7 @@ public static String decodeJwtToken(String jwtToken) {
 
     /**
      * Fetch userId and role from the token body.TokenBody is in json format and it fetches key 'sub'
-     * to get comma separated value containing userId and role
+     * to get comma separated value containing userId and role.
      *
      * @param tokenBody tokenBody in string format
      * @return List containing userId and role
diff --git a/src/main/java/uk/gov/hmcts/reform/cwrdapi/service/IJsrValidatorStaffProfile.java b/src/main/java/uk/gov/hmcts/reform/cwrdapi/service/IJsrValidatorStaffProfile.java
@@ -9,7 +9,7 @@ public interface IJsrValidatorStaffProfile {
     /**
      * JSR validation.
      *
-     * @param staffProfile
+     * @param staffProfile staff profile to validate
      *
      */
     void validateStaffProfile(StaffProfileCreationRequest staffProfile,String operationType);
diff --git a/src/main/java/uk/gov/hmcts/reform/cwrdapi/service/impl/CaseWorkerServiceImpl.java b/src/main/java/uk/gov/hmcts/reform/cwrdapi/service/impl/CaseWorkerServiceImpl.java
@@ -251,14 +251,14 @@ public List<CaseWorkerProfile> persistCaseWorkerInBatch(List<CaseWorkerProfile>
                                                             List<CaseWorkerProfile> suspendedCaseWorkerProfiles,
                                                             Map<String, CaseWorkersProfileCreationRequest>
                                                                     emailToRequestMap) {
-        List<CaseWorkerProfile> processedCwProfiles = null;
         List<CaseWorkerProfile> profilesToBePersisted = new ArrayList<>();
 
         profilesToBePersisted.addAll(newCaseWorkerProfiles);
         profilesToBePersisted.addAll(deleteChildrenAndUpdateCwProfiles(updateCaseWorkerProfiles, emailToRequestMap));
         profilesToBePersisted.addAll(suspendedCaseWorkerProfiles);
         profilesToBePersisted = profilesToBePersisted.stream().filter(Objects::nonNull).collect(toList());
 
+        List<CaseWorkerProfile> processedCwProfiles = null;
         if (isNotEmpty(profilesToBePersisted)) {
             processedCwProfiles = caseWorkerProfileRepo.saveAll(profilesToBePersisted);
             log.info("{}:: {} case worker profiles inserted :: Job Id {}", loggingComponentName,
diff --git a/src/main/java/uk/gov/hmcts/reform/cwrdapi/service/impl/StaffRefDataServiceImpl.java b/src/main/java/uk/gov/hmcts/reform/cwrdapi/service/impl/StaffRefDataServiceImpl.java
@@ -693,16 +693,25 @@ public StaffProfileCreationResponse reinviteStaffProfile(StaffProfileCreationReq
         if (upResponse != null && !upResponse.getIdamId().equals(caseWorkerProfile.getCaseWorkerId())) {
             caseWorkerProfileRepo.delete(caseWorkerProfile);
             cwrCommonRepository.flush();
+            resetGeneratedChildIds(caseWorkerProfile);
             caseWorkerProfile.setCaseWorkerId(upResponse.getIdamId());
             caseWorkerProfile.getCaseWorkerLocations().forEach(e -> e.setCaseWorkerId(upResponse.getIdamId()));
             caseWorkerProfile.getCaseWorkerRoles().forEach(e -> e.setCaseWorkerId(upResponse.getIdamId()));
             caseWorkerProfile.getCaseWorkerWorkAreas().forEach(e -> e.setCaseWorkerId(upResponse.getIdamId()));
             caseWorkerProfile.getCaseWorkerSkills().forEach(e -> e.setCaseWorkerId(upResponse.getIdamId()));
+            caseWorkerProfile.setNew(true);
             caseWorkerProfileRepo.save(caseWorkerProfile);
         }
         return new StaffProfileCreationResponse(caseWorkerProfile.getCaseWorkerId());
     }
 
+    private void resetGeneratedChildIds(CaseWorkerProfile caseWorkerProfile) {
+        caseWorkerProfile.getCaseWorkerLocations().forEach(location -> location.setCaseWorkerLocationId(null));
+        caseWorkerProfile.getCaseWorkerRoles().forEach(role -> role.setCaseWorkerRoleId(null));
+        caseWorkerProfile.getCaseWorkerWorkAreas().forEach(workArea -> workArea.setCaseWorkerWorkAreaId(null));
+        caseWorkerProfile.getCaseWorkerSkills().forEach(skill -> skill.setCaseWorkerSkillId(null));
+    }
+
 
     private CaseWorkerProfile validateStaffProfileForUpdate(StaffProfileCreationRequest profileRequest) {
 

Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ public static String decodeJwtToken(String jwtToken) {`
`71`	`71`
`72`	`72`	`/**`
`73`	`73`	`* Fetch userId and role from the token body.TokenBody is in json format and it fetches key 'sub'`
`74`		`- * to get comma separated value containing userId and role`
	`74`	`+ * to get comma separated value containing userId and role.`
`75`	`75`	`*`
`76`	`76`	`* @param tokenBody tokenBody in string format`
`77`	`77`	`* @return List containing userId and role`