latest updates due to vulnerability scan

project-husky · Nov 13, 2024 · fa33627 · fa33627
1 parent 5f4886b
commit fa33627
Showing 1 changed file with 118 additions and 5 deletions.
diff --git a/pom.xml b/pom.xml
@@ -1,4 +1,6 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.projecthusky</groupId>
 	<artifactId>husky-api</artifactId>
@@ -45,10 +47,11 @@
 		<camel.version>4.8.0</camel.version>
 		<zxing.version>3.5.3</zxing.version>
 		<openhtmltopdf-version>1.1.22</openhtmltopdf-version>
-		<org.hl7.fhir.version>6.3.23</org.hl7.fhir.version>
+		<org.hl7.fhir.version>6.4.1</org.hl7.fhir.version>
 		<fasterxml.version>2.17.2</fasterxml.version>
 		<jakarta.xml.version>3.0.1</jakarta.xml.version>
 		<tomcat.embed.version>10.1.31</tomcat.embed.version>
+		<bouncycastle.version>1.79</bouncycastle.version>
 	</properties>
 	<scm>
 		<connection>scm:git:https://github.com/project-husky/husky.git</connection>
@@ -416,7 +419,56 @@
 				<artifactId>jakarta.activation-api</artifactId>
 				<version>2.1.3</version>
 			</dependency>
-			<!-- PPQ stuff -->
+
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-core</artifactId>
+				<version>${spring.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-context</artifactId>
+				<version>${spring.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-messaging</artifactId>
+				<version>${spring.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-tx</artifactId>
+				<version>${spring.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-web</artifactId>
+				<version>${spring.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-beans</artifactId>
+				<version>${spring.version}</version>
+			</dependency>
+
+
+			<dependency>
+				<groupId>org.bouncycastle</groupId>
+				<artifactId>bcprov-jdk18on</artifactId>
+				<version>${bouncycastle.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.bouncycastle</groupId>
+				<artifactId>bcpkix-jdk18on</artifactId>
+				<version>${bouncycastle.version}</version>
+			</dependency>
+
+			<dependency>
+				<groupId>org.apache.velocity</groupId>
+				<artifactId>velocity-engine-core</artifactId>
+				<version>2.4.1</version>
+			</dependency>
+
 			<dependency>
 				<groupId>org.opensaml</groupId>
 				<artifactId>opensaml-xacml-saml-impl</artifactId>
@@ -427,6 +479,7 @@
 				<artifactId>opensaml-xacml-impl</artifactId>
 				<version>${opensaml.version}</version>
 			</dependency>
+
 			<dependency>
 				<groupId>org.opensaml</groupId>
 				<artifactId>opensaml-storage-impl</artifactId>
@@ -505,8 +558,9 @@
 			</dependency>
 			<dependency>
 				<groupId>org.springframework</groupId>
-				<artifactId>spring-context</artifactId>
+				<artifactId>spring-test</artifactId>
 				<version>${spring.version}</version>
+				<scope>test</scope>
 			</dependency>
 			<dependency>
 				<groupId>org.apache.camel</groupId>
@@ -711,6 +765,11 @@
 				<artifactId>org.hl7.fhir.r4b</artifactId>
 				<version>${org.hl7.fhir.version}</version>
 			</dependency>
+			<dependency>
+				<groupId>ca.uhn.hapi.fhir</groupId>
+				<artifactId>org.hl7.fhir.convertors</artifactId>
+				<version>${org.hl7.fhir.version}</version>
+			</dependency>
 
 			<!-- HTML to PDF conversion -->
 			<dependency>
@@ -810,7 +869,8 @@
 					<groupId>org.ogce</groupId>
 					<artifactId>xpp3</artifactId>
 				</exclusion>
-				<!-- Excluded because a newer version of the library e.g 6.3.23 already exists -->
+				<!-- Excluded because a newer version of the library e.g 6.3.23
+				already exists -->
 				<exclusion>
 					<groupId>ca.uhn.hapi.fhir</groupId>
 					<artifactId>org.hl7.fhir.utilities</artifactId>
@@ -1204,5 +1264,58 @@
 				</plugins>
 			</build>
 		</profile>
+
+		<profile>
+			<id>owasp</id>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.owasp</groupId>
+						<artifactId>dependency-check-maven</artifactId>
+						<version>11.1.0</version>
+						<configuration>
+							<skipProvidedScope>true</skipProvidedScope>
+							<skipRuntimeScope>true</skipRuntimeScope>
+							<skipSystemScope>true</skipSystemScope>
+							<skipTestScope>true</skipTestScope>
+							<inherited>false</inherited>
+							<formats>
+								<format>XML</format>
+								<format>HTML</format>
+								<format>JSON</format>
+							</formats>
+						</configuration>
+						<executions>
+							<execution>
+								<id>owasp-verify</id>
+								<phase>verify</phase>
+								<goals>
+									<goal>check</goal>
+									<goal>aggregate</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+			<!--
+			<reporting>
+				<plugins>
+					<plugin>
+						<groupId>org.owasp</groupId>
+						<artifactId>dependency-check-maven</artifactId>
+						<version>11.1.0</version>
+						<reportSets>
+							<reportSet>
+								<reports>
+									<report>aggregate</report>
+								</reports>
+							</reportSet>
+						</reportSets>
+					</plugin>
+				</plugins>
+			</reporting>
+			-->
+		</profile>
 	</profiles>
 </project>