DIAC-228 fixing bouncycastle issues (#379)

hmcts · Feb 5, 2024 · 3a8b9dd · 3a8b9dd
1 parent 1b41e14
commit 3a8b9dd
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/build.gradle b/build.gradle
@@ -309,12 +309,21 @@ dependencies {
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-client'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-resource-server'
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: versions.springCloud
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: versions.springCloud
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-hystrix', version: '2.2.10.RELEASE'
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-dependencies', version: 'Hoxton.SR4'
 
-  implementation group: 'uk.gov.hmcts.reform', name: 'service-auth-provider-client', version: '3.1.4'
+  implementation(group: 'uk.gov.hmcts.reform', name: 'service-auth-provider-client', version: '4.0.0') {
+    exclude group: "org.bouncycastle", module: "bcprov-jdk15on"
+  }
+  implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '3.1.8') {
+    exclude group: "org.bouncycastle", module: "bcprov-jdk15on"
+  }
+  implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap' , version: '3.1.7') {
+    exclude group: "org.bouncycastle", module: "bcprov-jdk15on"
+  }
+  implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-hystrix', version: '2.2.10.RELEASE') {
+    exclude group: "org.bouncycastle", module: "bcprov-jdk15on"
+  }
+  implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: '1.74'
   implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: '6.0.1'
   implementation group: 'uk.gov.hmcts.reform', name: 'logging', version: '5.1.7'
   implementation group: 'uk.gov.hmcts.reform', name: 'logging-appinsights', version: '5.1.7'

diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
@@ -20,8 +20,4 @@
             ]]</notes>
         <cve>CVE-2022-45688</cve>
     </suppress>
-    <suppress until="2024-01-31">
-        <notes>Suppress until org.springframework.cloud and uk.gov.hmcts.reform/service-auth-provider-client upgrade their org.bouncycastle dependents</notes>
-        <cve>CVE-2023-33202</cve>
-    </suppress>
 </suppressions>