diff --git a/.github/workflows/ci-dependency-check.yml b/.github/workflows/ci-dependency-check.yml
index b70c32f..601390c 100644
--- a/.github/workflows/ci-dependency-check.yml
+++ b/.github/workflows/ci-dependency-check.yml
@@ -15,7 +15,7 @@ jobs:
steps:
- uses: actions/setup-java@v2
with:
- java-version: 11
+ java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
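Review bot: `java-version: 17` is still paired with `distribution: adopt` on the following line; AdoptOpenJDK builds moved to Eclipse Temurin and, per the setup-java documentation, the `adopt` distribution is no longer updated, so the new JDK line would likely miss later security patch releases. Changing that line to `distribution: temurin` keeps the same build lineage with current patches (check that the `actions/setup-java@v2` release in use accepts it). The same pairing appears in ci-main.yml, ci-pullrequest.yml, ci-release.yml and ci-sonar.yml. The steps list continues outside this hunk.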
diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml
index 4c33da8..36a91f9 100644
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@@ -6,11 +6,11 @@ on:
- main
jobs:
build:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
- java-version: 11
+ java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
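Review bot: `runs-on: ubuntu-latest` is a floating label, so the runner image for this job can move to a new Ubuntu release without any commit in this repository, which makes build and scan results harder to reproduce and to attribute. An explicit image such as `runs-on: ubuntu-22.04` still moves off 20.04 while keeping later image upgrades as reviewed changes. The same line is introduced in ci-pullrequest.yml, ci-release-notes.yml, ci-release.yml and ci-sonar.yml; it matters most in ci-release.yml, which presumably produces the published artifact. The job body continues outside this hunk.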
diff --git a/.github/workflows/ci-pullrequest.yml b/.github/workflows/ci-pullrequest.yml
index 558aa10..f577089 100644
--- a/.github/workflows/ci-pullrequest.yml
+++ b/.github/workflows/ci-pullrequest.yml
@@ -7,11 +7,11 @@ on:
- reopened
jobs:
build:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
- java-version: 11
+ java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
diff --git a/.github/workflows/ci-release-notes.yml b/.github/workflows/ci-release-notes.yml
index b155d77..2fd0c68 100644
--- a/.github/workflows/ci-release-notes.yml
+++ b/.github/workflows/ci-release-notes.yml
@@ -5,7 +5,7 @@ on:
- created
jobs:
release-notes:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
index 9af8f11..2ced4ac 100644
--- a/.github/workflows/ci-release.yml
+++ b/.github/workflows/ci-release.yml
@@ -5,11 +5,11 @@ on:
- created
jobs:
release:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
- java-version: 11
+ java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
diff --git a/.github/workflows/ci-sonar.yml b/.github/workflows/ci-sonar.yml
index 90171d4..5e7dcc4 100644
--- a/.github/workflows/ci-sonar.yml
+++ b/.github/workflows/ci-sonar.yml
@@ -10,11 +10,11 @@ on:
- reopened
jobs:
sonar:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
- java-version: 11
+ java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
index 5f48248..3fd8b02 100644
--- a/owasp/suppressions.xml
+++ b/owasp/suppressions.xml
@@ -1,29 +1,7 @@
- see https://github.com/jeremylong/DependencyCheck/issues/1827>
- CVE-2018-1258
-
-
- see https://github.com/jeremylong/DependencyCheck/issues/2952
- CVE-2011-2732
- CVE-2011-2731
- CVE-2012-5055
-
-
- see https://tomcat.apache.org/security-9.html#Apache_Tomcat_9.x_vulnerabilities vulnerability is fixed in tomcat 9.0.38
- CVE-2020-13943
-
-
- H2 is not used by this project.
- CVE-2021-23463
-
-
- False Positive, Should match only up to 5.3.2 (excluding) but we have 5.6.3
- CVE-2020-5408
-
-
- False Positive, Should match only up to 1.32 (excluding) but we have 1.33
- CVE-2022-38752
+ no YAML content from users is parsed within this service
+ CVE-2022-1471
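Review bot: The new CVE-2022-1471 entry is justified with "no YAML content from users is parsed within this service", but the pom in this commit packages `dgc-lib` as a jar, so the claim has to hold for every application that embeds the library rather than for one service. The XML markup is not visible in this rendering, so whether the entry is scoped cannot be confirmed; if it is not, restrict it to the SnakeYAML coordinates with `<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>` and give it an expiry via `<suppress until="YYYY-MM-DDZ">` (placeholder date) so the finding resurfaces for re-evaluation. The notes should also name which code path loads YAML at all (presumably only Spring's own configuration loading; confirm), since the six suppressions removed above each carried a verifiable reason.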
diff --git a/pom.xml b/pom.xml
index ad59140..9270a25 100644
--- a/pom.xml
+++ b/pom.xml
@@ -13,7 +13,7 @@
eu.europa.ec.dgc
dgc-lib
- 2.0.0
+ latest
jar
dgc-lib
@@ -30,18 +30,16 @@
UTF-8
UTF-8
- 7.3.0
- 11.10
- 1.70
+ 8.0.2
+ 1.72
1.18.24
1.5.3.Final
2.11.0
4.5.2
- 2.13.4
- 2.13.4.2
4.10.0
- 3.2.0
- 3.0.0-M7
+ 3.2.1
+ 3.9.1.2184
+ 3.0.0-M8
0.8.8
@@ -78,24 +76,8 @@
org.springframework.boot
- spring-boot-starter-web
+ spring-boot-starter
true
-
-
- org.yaml
- snakeyaml
-
-
- com.fasterxml.jackson.core
- jackson-databind
-
-
-
-
-
- org.yaml
- snakeyaml
- 1.33
org.springframework.boot
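Review bot: Removing the explicit `snakeyaml` `1.33` dependency and the exclusions under the starter means the SnakeYAML version is now whatever Spring Boot's dependency management resolves, and that version is no longer visible anywhere in this pom. Because the same commit suppresses CVE-2022-1471 for that library, leave a marker next to the starter, e.g. `<!-- snakeyaml version managed by spring-boot-dependencies; CVE-2022-1471 suppressed in owasp/suppressions.xml -->`, and consider overriding the managed version through the `snakeyaml.version` property once a 2.x release is compatible with the Boot line in use. The enclosing dependencies section starts and ends outside this hunk.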
@@ -105,17 +87,10 @@
org.springframework.cloud
spring-cloud-starter-openfeign
-
-
- org.springframework
- spring-web
-
-
io.github.openfeign
feign-httpclient
- ${feign.version}
org.mapstruct
@@ -126,11 +101,10 @@
org.projectlombok
lombok
provided
- ${lombok.version}
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${bcpkix.version}
@@ -146,20 +120,11 @@
com.fasterxml.jackson.core
jackson-databind
- ${jackson.databind.version}
com.fasterxml.jackson.datatype
jackson-datatype-jsr310
- ${jackson.version}
-
-
- com.fasterxml.jackson.core
- jackson-databind
-
-
-
org.springframework.boot
spring-boot-starter-test