Upgrade to upstream version 75.22.0 [KETI-2677]

Signed-off-by: Jaisankar Alagappan <[email protected]>

.github/dependabot.yml

@@ -73,3 +73,64 @@ updates:
     interval: daily
     time: "11:00"
   open-pull-requests-limit: 10
+
+# Added dependabot configuration for 74.5.x branch
+- package-ecosystem: npm
+  directory: "/uaa"
+  schedule:
+    interval: daily
+    time: "11:00"
+  target-branch: "74.5.x"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/statsd"
+  schedule:
+    interval: daily
+    time: "11:00"
+  target-branch: "74.5.x"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "11:00"
+  target-branch: "74.5.x"
+  open-pull-requests-limit: 10
+  ignore:
+    - dependency-name: "org.apache.tomcat:*"
+      update-types: ["version-update:semver-major"] # Stay in Tomcat 9 because it is still supported, likely until 2027 (https://endoflife.date/tomcat), and bumping to Tomcat 10 requires some major code changes
+- package-ecosystem: gradle
+  directory: "/model"
+  schedule:
+    interval: daily
+    time: "11:00"
+  target-branch: "74.5.x"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/metrics-data"
+  schedule:
+    interval: daily
+    time: "11:00"
+  target-branch: "74.5.x"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/samples/api"
+  schedule:
+    interval: daily
+    time: "11:00"
+  target-branch: "74.5.x"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/server"
+  schedule:
+    interval: daily
+    time: "11:00"
+  target-branch: "74.5.x"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/samples/app"
+  schedule:
+    interval: daily
+    time: "11:00"
+  target-branch: "74.5.x"
+  open-pull-requests-limit: 10

.github/workflows/depsreview.yml

@@ -11,4 +11,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@v3
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v1
+        uses: actions/dependency-review-action@v2

README.md

@@ -114,14 +114,8 @@ First run the UAA server as described above:
 From another terminal you can use curl to verify that UAA has started by
 requesting system information:
 
-    $ curl -H "Accept: application/json" localhost:8080/uaa/login
-    {
-      "timestamp":"2012-03-28T18:25:49+0100",
-      "commit_id":"111274e",
-      "prompts":{"username":["text","Username"],
-        "password":["password","Password"]
-      }
-    }
+    $ curl --silent --show-error --head localhost:8080/uaa/login | head -1
+    HTTP/1.1 200
 
 For complex requests it is more convenient to interact with UAA using
 `uaac`, the [UAA Command Line Client](https://github.com/cloudfoundry/cf-uaac).
@@ -144,15 +138,23 @@ To run the unit tests with docker:
 
 ### To run a single test
 
+The default uaa unit tests (`./gradlew test`) use hsqldb. 
+
 Start by finding out which gradle project your test belongs to.
 You can find all project by running
 
     $ ./gradlew projects
 
-Then you can run
-
+To run a specific test class, you can specify the module and the test class. 
+    
     $ ./gradlew :<project name>:test --tests <TestClass>.<MethodName>
 
+In this example, it's running only the 
+JdbcScimGroupMembershipManagerTests tests in the cloudfoundry-identity-server module:
+
+    $ ./gradlew :cloudfoundry-identity-server:test \
+    --tests "org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimGroupMembershipManagerTests"
+
 or to run all tests in a Class
 
     $ ./gradlew :<project name>:test --tests <TestClass>
@@ -223,7 +225,11 @@ Here are some ways for you to get involved in the community:
   [forks of this repository](https://github.com/cloudfoundry/uaa). If you
   want to contribute code this way, please reference an existing issue
   if there is one as well covering the specific issue you are
-  addressing.  Always submit pull requests to the "develop" branch.
+  addressing. Always submit pull requests to the "develop" branch.
   We strictly adhere to test driven development. We kindly ask that
   pull requests are accompanied with test cases that would be failing
   if ran separately from the pull request.
+* After you create the pull request, you can check the code metrics yourself  
+  in [Github Actions](https://github.com/cloudfoundry/uaa/actions) and on [Sonar](https://sonarcloud.io/project/pull_requests_list?id=cloudfoundry-identity-parent). 
+  The goal for new code should be close to 100% tested and clean code: 
+  [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=cloudfoundry-identity-parent&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=cloudfoundry-identity-parent)

build.gradle

@@ -8,6 +8,7 @@ buildscript {
 
     repositories {
         mavenCentral()
+        gradlePluginPortal()
         maven {
             url("https://plugins.gradle.org/m2/")
         }
@@ -18,7 +19,6 @@ buildscript {
 
     dependencies {
         classpath(libraries.cargoGradlePlugin)
-        classpath(libraries.prodepsGradlePlugin)
         classpath(libraries.asciidoctorGradlePlugin)
         classpath(libraries.springDependencyMangementGradlePlugin)
         classpath(libraries.springBootGradlePlugin)
@@ -42,9 +42,9 @@ apply(from: "dependencies.gradle")
 def applicationPort = project.hasProperty('port') ? project.getProperty('port').toInteger() : 8080
 
 apply(plugin: "com.bmuschko.cargo")
+apply(plugin: "war")
 
 allprojects {
-    apply(plugin: "propdeps")
     apply(plugin: "io.spring.dependency-management")
     apply(plugin: "org.gradle.test-retry")
     apply(plugin: "org.barfuin.gradle.jacocolog")
@@ -57,8 +57,6 @@ allprojects {
         }
     }
 
-    configurations.provided.transitive = false
-
     repositories {
         mavenCentral()
         maven {
@@ -217,8 +215,8 @@ cargo {
         rmiPort = applicationPort + 10
 
         jvmArgs = ""
-        jvmArgs = String.format("%s -DCLOUDFOUNDRY_CONFIG_PATH=%s", jvmArgs, file("scripts/cargo").getAbsolutePath())
-        jvmArgs = String.format("%s -Dlogging.config=%s", jvmArgs, file("scripts/cargo/log4j2.properties").getAbsolutePath())
+        jvmArgs = String.format("%s -DCLOUDFOUNDRY_CONFIG_PATH='%s'", jvmArgs, file("scripts/cargo").getAbsolutePath())
+        jvmArgs = String.format("%s -Dlogging.config='%s'", jvmArgs, file("scripts/cargo/log4j2.properties").getAbsolutePath())
         jvmArgs = String.format("%s -Dstatsd.enabled=true", jvmArgs)
         if (System.getProperty("spring.profiles.active", "").split(',').contains("debug")) {
             jvmArgs = String.format("%s -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005", jvmArgs)

dependencies.gradle

@@ -4,21 +4,21 @@ ext {
 }
 
 // Versions we're overriding from the Spring Boot Bom
-ext["mariadb.version"] = "2.3.0"
-ext["flyway.version"] = "5.2.4"
+ext["mariadb.version"] = "2.7.4"
+ext["flyway.version"] = "7.15.0"
 ext['log4j2.version'] = '2.17.1' // this pinning can be removed when we bump to a spring boot version that has 2.15.0+ (due to CVE https://github.com/advisories/GHSA-jfh8-c2jp-5v3q in log4j < 2.15.0)
 
 // Versions shared between multiple dependencies
 versions.aspectJVersion = "1.9.4"
 versions.apacheDsVersion = "2.0.0.AM26"
 versions.bouncyCastleVersion = "1.71"
 versions.hamcrestVersion = "2.2"
-versions.springBootVersion = "2.6.8"
+versions.springBootVersion = "2.7.2"
 versions.springSecurityJwtVersion = "1.1.1.RELEASE"
 versions.springSecurityOAuthVersion = "2.5.2.RELEASE"
 versions.springSecuritySamlVersion = "1.0.10.RELEASE"
-versions.springVersion = "5.3.20"
-versions.tomcatCargoVersion = "9.0.63"
+versions.springVersion = "5.3.22"
+versions.tomcatCargoVersion = "9.0.65"
 versions.guavaVersion = "31.1-jre"
 
 // Dependencies (some rely on shared versions, some are shared between projects)
@@ -34,7 +34,7 @@ libraries.bouncyCastlePkix = "org.bouncycastle:bcpkix-jdk18on:${versions.bouncyC
 libraries.bouncyCastleProv = "org.bouncycastle:bcprov-jdk18on:${versions.bouncyCastleVersion}"
 libraries.commonsIo = "commons-io:commons-io:2.11.0"
 libraries.dumbster = "dumbster:dumbster:1.6"
-libraries.eclipseJgit = "org.eclipse.jgit:org.eclipse.jgit:6.1.0.202203080745-r"
+libraries.eclipseJgit = "org.eclipse.jgit:org.eclipse.jgit:6.2.0.202206071550-r"
 libraries.flywayCore = "org.flywaydb:flyway-core"
 libraries.greenmail = "com.icegreen:greenmail:1.6.9"
 libraries.googleAuth = "com.warrenstrange:googleauth:1.5.0"
@@ -116,13 +116,12 @@ libraries.zxing = "com.google.zxing:javase:3.5.0"
 libraries.nimbusJwt = "com.nimbusds:nimbus-jose-jwt:8.23"
 libraries.xmlSecurity = "org.apache.santuario:xmlsec:3.0.0"
 libraries.orgJson = "org.json:json:20220320"
-libraries.spingSamlEsapiDependencyVersion = "org.owasp.esapi:esapi:2.4.0.0"
+libraries.spingSamlEsapiDependencyVersion = "org.owasp.esapi:esapi:2.5.0.0"
 
 // gradle plugins
 libraries.testRetryPlugin = "org.gradle:test-retry-gradle-plugin:1.3.1"
 libraries.asciidoctorGradlePlugin = "org.asciidoctor:asciidoctor-gradle-plugin:1.6.1"
 libraries.cargoGradlePlugin = "com.bmuschko:gradle-cargo-plugin:2.8.0"
-libraries.prodepsGradlePlugin = "io.spring.gradle:propdeps-plugin:0.0.10.RELEASE"
 libraries.springBootGradlePlugin = "org.springframework.boot:spring-boot-gradle-plugin:${versions.springBootVersion}"
 libraries.springDependencyMangementGradlePlugin = "io.spring.gradle:dependency-management-plugin"
 libraries.gradleJcocoPlugin = "gradle.plugin.org.barfuin.gradle.jacocolog:gradle-jacoco-log:1.2.4"

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists