diff --git a/NEWS.md b/NEWS.md
index 09e5d07..1f0c62d 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,3 +1,8 @@
+## 4.0.2 2024-04-17
+ * ERM-3190 DB Connections are not being released
+ * SI-52 Review outdated/vulnerable dependencies in mod-service-interaction
+ * Fixed typo in application-vagrant-db
+
 ## 4.0.1 2024-03-25
 * Fix missing spring dependencies from built jar
diff --git a/service/build.gradle b/service/build.gradle
index c867d9d..62a8014 100644
--- a/service/build.gradle
+++ b/service/build.gradle
@@ -96,7 +96,10 @@ dependencies {
 implementation "org.hibernate:hibernate-core:5.6.15.Final"
 implementation "org.grails.plugins:events"
- implementation 'org.grails.plugins:spring-security-core:6.1.1' // Prev 5.2.1
+ implementation 'org.grails.plugins:spring-security-core:6.1.1' // NOT IN LINE WITH GRAILS PATCH VERSION
+ // 5.8.9 affected by https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-6457293
+ implementation("org.springframework.security:spring-security-core:5.8.11")
+
 implementation "org.grails.plugins:views-json"
 implementation "org.grails.plugins:views-json-templates"
@@ -124,7 +127,7 @@ dependencies {
 /* ---- Manually installed dependencies ---- */
 implementation 'com.k_int.grails:web-toolkit-ce:9.0.0'
- implementation('com.k_int.okapi:grails-okapi:7.0.0') {
+ implementation('com.k_int.okapi:grails-okapi:7.1.0') {
 exclude group: 'com.vaadin.external.google', module: 'android-json'
 }
@@ -133,7 +136,7 @@ dependencies {
 implementation "org.springframework.boot:spring-boot-starter-undertow" // Replaces spring-boot-starter-tomcat
 implementation "org.hibernate:hibernate-java8"
 runtimeOnly "com.zaxxer:HikariCP:5.1.0" // Replaces Tomcat JDBC pool
- runtimeOnly "org.postgresql:postgresql:42.5.3"
+ runtimeOnly "org.postgresql:postgresql:42.7.3"
 implementation ('org.grails.plugins:database-migration:4.2.1') {
 exclude group: 'org.liquibase', module: 'liquibase-core'
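Review bot: In the `@@ -96,7 +96,10 @@` hunk of service/build.gradle, the override pins only `org.springframework.security:spring-security-core` to 5.8.11. Any other `org.springframework.security` modules that the Grails plugin pulls in transitively (not visible in this diff) would stay on the version the plugin selects and run mixed with 5.8.11. Consider aligning the whole group, for example `configurations.all { resolutionStrategy.eachDependency { if (requested.group == 'org.springframework.security') useVersion('5.8.11') } }`, and check the resolved versions with `gradle dependencyInsight --dependency spring-security --configuration runtimeClasspath`. The comment `// NOT IN LINE WITH GRAILS PATCH VERSION` does not say which version is out of line or when the pin can go; a wording such as `// plugin resolves an affected spring-security 5.8.x; drop this override once the plugin ships >= 5.8.11` would make the override removable later.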
@@ -141,9 +144,11 @@ dependencies {
 implementation 'org.liquibase:liquibase-core:4.19.0' // Prev 4.17.2 -- taken from master of plugin database migration
 implementation 'com.opencsv:opencsv:5.7.1'
- implementation 'commons-io:commons-io:2.6'
- implementation 'io.github.virtualdogbert:logback-groovy-config:1.14.1' // Grails 5 and up no longer supports groovy files for logback config
- compileOnly 'ch.qos.logback:logback-classic:1.4.7'
+ implementation 'commons-io:commons-io:2.7'
+ implementation('io.github.virtualdogbert:logback-groovy-config:1.14.1')
+ compileOnly 'ch.qos.logback:logback-classic:1.4.7'
+ // Is on runtime classpath via spring-boot-starter
+ runtimeOnly 'ch.qos.logback:logback-classic:1.2.13'
 /* ---- Manually installed testing dependencies ---- */
 //implementation "org.grails:grails-gorm-testing-support:2.6.1"
@@ -158,8 +163,9 @@ dependencies {
 implementation 'org.z3950.zing:cql-java:1.13'
 /* ---- Custom non profile deps ---- */
- implementation 'org.apache.kafka:kafka-clients:2.3.0'
- implementation 'com.github.everit-org.json-schema:org.everit.json.schema:1.14.3'
+ implementation 'org.apache.kafka:kafka-clients:3.7.0'
+ implementation 'com.github.everit-org.json-schema:org.everit.json.schema:1.14.4'
+
 // Better test reports.
 testImplementation( 'com.athaydes:spock-reports:2.3.2-groovy-3.0' ) {
 transitive = false // this avoids affecting your version of Groovy/Spock
diff --git a/service/gradle.properties b/service/gradle.properties
index 07203df..f7170e2 100644
--- a/service/gradle.properties
+++ b/service/gradle.properties
@@ -1,9 +1,9 @@
-grailsVersion=6.1.1
-grailsGradlePluginVersion=6.1.1
+grailsVersion=6.1.2
+grailsGradlePluginVersion=6.1.2
 # Application
 appName=mod-service-interaction
-appVersion=4.0.1
+appVersion=4.0.2
 dockerTagSuffix=
 dockerRepo=folioci
diff --git a/service/grails-app/conf/application-vagrant-db.yml b/service/grails-app/conf/application-vagrant-db.yml
index 85caa68..5302278 100644
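Review bot: In the `@@ -141,9 +144,11 @@` hunk of service/build.gradle, `compileOnly 'ch.qos.logback:logback-classic:1.4.7'` is kept while the new `runtimeOnly` line pins 1.2.13, so the code is compiled against a different logback release line than the one it runs on. Anything that exists only in 1.4.x would compile cleanly and then fail at startup or first use, and a broken logging setup is easy to miss until the logs are needed. Unless 1.4.7 is required at compile time for a reason not visible here, align the two: `compileOnly 'ch.qos.logback:logback-classic:1.2.13'`. The comment dropped from the logback-groovy-config line (`// Grails 5 and up no longer supports groovy files for logback config`) explained why that dependency is present and is worth keeping.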
--- a/service/grails-app/conf/application-vagrant-db.yml
+++ b/service/grails-app/conf/application-vagrant-db.yml
@@ -14,7 +14,7 @@ dataSource:
 properties:
 jmxEnabled: false
 maximumPoolSize: ${db.maxpoolsize:10}
- transactionIsolation: TRANSACTION_READ_COMMITTEDD_COMMITTED
+ transactionIsolation: TRANSACTION_READ_COMMITTED
 ---
 server:
 host: localhost