CIV-11730 - Bump gradle wrapper and dependencyCheck (#3758)

* Bump gradle wrapper to version 7.6 * remove redundant param for dependencyCheck * update README.md --------- Co-authored-by: dharmendra kumar <[email protected]>
hmcts · Dec 15, 2023 · 37599a5 · 37599a5
1 parent 8442d04
commit 37599a5
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -170,6 +170,19 @@ additional information where necessary.
 
    Still, you shouldn't be doing it so make sure you get in touch with a Technical Lead soon afterwards.
 
+## Gradle Dependency Check - Running Locally
+In the local environment, as of 15/12/2023 where dependency check is mandated to use version 9 or above:
+https://github.com/jeremylong/DependencyCheck?tab=readme-ov-file#900-upgrade-notice
+
+Users will now need to generate a NVD API key for themselves in order to run some gradle dependency commands:
+https://nvd.nist.gov/developers/request-an-api-key
+
+Example
+```
+./gradlew -DdependencyCheck.failBuild=true -Dnvd.api.check.validforhours=24 -Dnvd.api.key=<YOUR_API_KEY_HERE> dependencyCheckAggregate
+```
+
+
 ## License
 
 This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details
diff --git a/build.gradle b/build.gradle
@@ -4,7 +4,7 @@ plugins {
   id 'jacoco'
   id 'io.spring.dependency-management' version '1.1.0'
   id 'org.springframework.boot' version '2.7.11'
-  id 'org.owasp.dependencycheck' version '8.1.2'
+  id 'org.owasp.dependencycheck' version '9.0.4'
   id 'com.github.ben-manes.versions' version '0.47.0'
   id 'org.sonarqube' version '3.4.0.2513'
   id 'au.com.dius.pact' version '4.2.14'
@@ -59,7 +59,6 @@ allprojects {
     // range of 0-10 fails the build, anything greater and it doesn't fail the build
     failBuildOnCVSS = System.getProperty('dependencyCheck.failBuild') == 'true' ? 0 : 11
     suppressionFile = 'config/owasp/suppressions.xml'
-    cveValidForHours = 24
 
     analyzers {
       // Disable scanning of .NET related binaries

diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-all.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015-2021 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -32,10 +32,10 @@
 #       Busybox and similar reduced shells will NOT work, because this script
 #       requires all of these POSIX shell features:
 #         * functions;
-#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
-#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
-#         * compound commands having a testable exit status, especially «case»;
-#         * various built-in commands including «command», «set», and «ulimit».
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
 #
 #   Important for patching:
 #