ENG-58332:Upgrade Micrometer version (#115)

harshit-kumar-v2 · web-flow · commit e3d0cb98d30f · 2025-03-06T16:54:54.000+05:30
* upgrade micrometer version

* use key

* update version

* version change

* version change

* suppress
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -54,3 +54,5 @@ jobs:
     steps:
       - name: Dependency Check
         uses: hypertrace/github-actions/dependency-check@main
+        with:
+          nvd-api-key: ${{ secrets.NVD_API_KEY }}
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -7,7 +7,7 @@ plugins {
   id("org.hypertrace.publish-plugin") version "1.0.2" apply false
   id("org.hypertrace.jacoco-report-plugin") version "0.2.1" apply false
   id("org.hypertrace.code-style-plugin") version "1.1.2" apply false
-  id("org.owasp.dependencycheck") version "8.3.1"
+  id("org.owasp.dependencycheck") version "12.1.0"
 }
 
 subprojects {
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
@@ -1,3 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+  <suppress until="2025-05-31Z">
+    <notes><![CDATA[
+   file name: micrometer-registry-prometheus-simpleclient-1.14.4.jar, fix not available yet
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/io\.micrometer/micrometer-registry-prometheus-simpleclient@.*$</packageUrl>
+    <cve>CVE-2019-3826</cve>
+  </suppress>
 </suppressions> 
diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts
@@ -12,10 +12,12 @@ tasks.test {
 dependencies {
   api("com.typesafe:config:1.4.2")
   api("io.dropwizard.metrics:metrics-jakarta-servlet:4.2.25")
-  api("io.micrometer:micrometer-core:1.10.2")
+  api("io.micrometer:micrometer-core:1.14.4")
   api("jakarta.servlet:jakarta.servlet-api:6.0.0")
 
-  implementation("io.micrometer:micrometer-registry-prometheus:1.10.2")
+  // Using simpleclient flavour since with version >= 1.13.0 micrometer does not support io.prometheus.simpleclient dependencies
+  // https://github.com/micrometer-metrics/micrometer/wiki/1.13-Migration-Guide
+  implementation("io.micrometer:micrometer-registry-prometheus-simpleclient:1.14.4")
 
   implementation("io.github.mweirauch:micrometer-jvm-extras:0.2.2")
   implementation("org.slf4j:slf4j-api:1.7.36")

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ plugins {`
`7`	`7`	`id("org.hypertrace.publish-plugin") version "1.0.2" apply false`
`8`	`8`	`id("org.hypertrace.jacoco-report-plugin") version "0.2.1" apply false`
`9`	`9`	`id("org.hypertrace.code-style-plugin") version "1.1.2" apply false`
`10`		`- id("org.owasp.dependencycheck") version "8.3.1"`
	`10`	`+ id("org.owasp.dependencycheck") version "12.1.0"`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`subprojects {`