From 4071eacef321465516952730761b257fb749a772 Mon Sep 17 00:00:00 2001 From: nargas-ritu <59389071+nargas-ritu@users.noreply.github.com> Date: Tue, 11 Jul 2023 10:11:50 +0100 Subject: [PATCH 1/3] CORE-5821: Updated snyk file with the latest reported issues --- .snyk | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/.snyk b/.snyk index 36101b2ced..ac47111e0b 100644 --- a/.snyk +++ b/.snyk @@ -2,23 +2,14 @@ version: v1.25.0 # ignores vulnerabilities until expiry date; change duration by modifying expiry date ignore: - SNYK-JAVA-ORGJETBRAINSKOTLIN-2628385: - - '*': - reason: >- - Gradle plugins use the version of Kotlin provided by Gradle itself, so - it is not susceptible to this vulnerability. In addition, this is a - build-time vulnerability, released artifacts are not affected due to - this. - expires: 2022-10-22T10:40:55.991Z - created: 2022-09-22T10:40:55.995Z - SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744: + SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744: - '*': reason: >- This vulnerability relates to information exposure via creation of temporary files via Kotlin functions with insecure permissions. Corda does not use any of the vulnerable functions so it not susceptible to this vulnerability. - expires: 2023-06-19T10:40:55.991Z + expires: 2023-10-19T10:40:55.991Z created: 2022-09-22T10:40:55.995Z SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424: - '*': 
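Review bot: The `expires:` bump to 2023-10-19 for SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744 (and the same four-month bumps for the dokka-core ignores SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424, -3038426 and SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135 in the following hunks) leaves `created:` and the `reason:` text untouched, so the policy file no longer records when each "not susceptible" justification was last re-verified, while every rule still suppresses the finding on all dependency paths (`'*'`). Suggest recording the re-assessment in each entry, e.g. appending `Re-assessed under CORE-5821 (Jul 2023); re-check usage before expiry.` to the reason, and narrowing `'*'` to the dependency path(s) Snyk reported where that is possible, so the same issue arriving through a different path is not silently ignored by the old rule. The 2393744 reason also reads `so it not susceptible to`; `so it is not susceptible to`.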
@@ -27,16 +18,7 @@ ignore:
           where this dependency originates, this is used at compile / build time
           only for Kdoc generation and not shipped in any of our releasable
           artifacts.
-        expires: 2023-06-19T10:40:55.991Z
-        created: 2022-12-20T10:40:55.995Z
-    SNYK-JAVA-ORGJSOUP-2989728:
-    - '*':
-        reason: >-
-          Corda5 Shippable artifacts do not make use of dokka-core, which is
-          where this dependency originates, this is used at compile / build time
-          only for Kdoc generation and not shipped in any of our releasable
-          artifacts.
-        expires: 2023-06-19T10:40:55.991Z
+        expires: 2023-10-19T10:40:55.991Z
         created: 2022-12-20T10:40:55.995Z
     SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426:
     - '*':
@@ -45,7 +27,7 @@ ignore:
           where this dependency originates, this is used at compile / build time
           only for Kdoc generation and not shipped in any of our releasable
           artifacts.
-        expires: 2023-06-19T10:40:55.991Z
+        expires: 2023-10-19T10:40:55.991Z
         created: 2022-12-20T10:40:55.995Z
     SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135:
     - '*':
@@ -54,6 +36,6 @@ ignore:
           where this dependency originates, this is used at compile / build time
           only for Kdoc generation and not shipped in any of our releasable
           artifacts.
-        expires: 2023-06-19T13:28:02.582Z
+        expires: 2023-10-19T13:28:02.582Z
         created: 2023-03-20T13:28:02.597Z
 patch: {}
From a83bee3623141f1d34261a4a1d6c52268995f7f3 Mon Sep 17 00:00:00 2001
From: Ronan Browne
Date: Wed, 12 Jul 2023 14:19:32 +0100
Subject: [PATCH 2/3] CORE-5821: fix indentation in snyk file (#1176)
---
 .snyk | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.snyk b/.snyk
index ac47111e0b..63aea5eda8 100644
--- a/.snyk
+++ b/.snyk
@@ -11,7 +11,7 @@ ignore:
           this vulnerability.
         expires: 2023-10-19T10:40:55.991Z
         created: 2022-09-22T10:40:55.995Z
-    SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
+  SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
     - '*':
         reason: >-
           Corda5 Shippable artifacts do not make use of dokka-core, which is
@@ -20,7 +20,7 @@ ignore: artifacts. expires: 2023-10-19T10:40:55.991Z created: 2022-12-20T10:40:55.995Z - SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426: + SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426: - '*': reason: >- Corda5 Shippable artifacts do not make use of dokka-core, which is @@ -29,7 +29,7 @@ ignore: artifacts. expires: 2023-10-19T10:40:55.991Z created: 2022-12-20T10:40:55.995Z - SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135: + SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135: - '*': reason: >- Corda5 Shippable artifacts do not make use of dokka-core, which is From 667cc4cb619d274234c4f2f8690c9a785c3f0de5 Mon Sep 17 00:00:00 2001 From: Sean Brereton <46895769+seanbrereton@users.noreply.github.com> Date: Fri, 28 Jul 2023 17:40:05 +0100 Subject: [PATCH 3/3] point at public repos (#1173) Co-authored-by: Ronan Browne --- gradle.properties | 1 + settings.gradle | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/gradle.properties b/gradle.properties index cfc16fe71a..b8f9a577a3 100644 --- a/gradle.properties +++ b/gradle.properties @@ -24,6 +24,7 @@ licenseUrl = http://www.apache.org/licenses/LICENSE-2.0.txt # Artifactory artifactoryContextUrl = https://software.r3.com/artifactory +publicArtifactURL = https://download.corda.net/maven # Gradle # dokka need more metaspace - https://github.com/Kotlin/dokka/issues/1405 diff --git a/settings.gradle b/settings.gradle index e1c275f069..cbf2191272 100644 --- a/settings.gradle +++ b/settings.gradle @@ -15,7 +15,7 @@ pluginManagement { } } else { maven { - url "$artifactoryContextUrl/corda-releases" + url "${publicArtifactURL}/corda-releases" content { includeGroupByRegex 'net\\.corda\\.plugins(\\..*)?' } @@ -67,7 +67,7 @@ dependencyResolutionManagement { mavenCentral() maven { - url = "$artifactoryContextUrl/corda-dependencies" + url = "${publicArtifactURL}/corda-dependencies" } maven {
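Review bot: `publicArtifactURL` breaks the casing convention of the neighbouring properties (`artifactoryContextUrl`, `licenseUrl`), which makes the `${publicArtifactURL}` references in settings.gradle easy to mistype; `publicArtifactUrl = https://download.corda.net/maven` would match, with the two settings.gradle references renamed to match. A short comment above it saying what it fronts would also help readers of gradle.properties, e.g. `# Public host for the corda-releases and corda-dependencies repositories selected in settings.gradle`.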
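Review bot: The `corda-dependencies` repository in the second settings.gradle hunk is switched to the public host without a `content {}` filter, unlike the `corda-releases` entry in the first hunk, which keeps `includeGroupByRegex 'net\\.corda\\.plugins(\\..*)?'`. Gradle consults repositories in declaration order, so any module not found on `mavenCentral()` will be requested from download.corda.net for every group; restricting the repository to the groups it actually hosts keeps the resolution surface explicit and makes an unexpected lookup on the public host visible as a failure rather than a silent download. The `dependencyResolutionManagement` block continues outside the hunk, so a filter may already exist further down; if not, something like the following, with the group regex taken from what the repository really serves, would mirror the first hunk.
```groovy
maven {
    url = "${publicArtifactURL}/corda-dependencies"
    content {
        // PLACEHOLDER: replace with the group pattern(s) actually hosted in corda-dependencies
        includeGroupByRegex '<GROUP_REGEX_PLACEHOLDER>'
    }
}
// … unchanged: remaining repositories in dependencyResolutionManagement …
```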