Update all non-major dependencies

Dockerfile

@@ -1,5 +1,5 @@
  # renovate: datasource=github-releases depName=microsoft/ApplicationInsights-Java
-ARG APP_INSIGHTS_AGENT_VERSION=3.4.18
+ARG APP_INSIGHTS_AGENT_VERSION=3.6.2
 
 # Application image
 FROM hmctspublic.azurecr.io/base/java:17-distroless

build.gradle

@@ -4,7 +4,7 @@ buildscript {
     maven { url 'https://jitpack.io' }
   }
   dependencies {
-    classpath("org.yaml:snakeyaml:2.2")
+    classpath("org.yaml:snakeyaml:2.3")
     classpath("net.serenity-bdd:serenity-gradle-plugin:3.2.3")
   }
 }
@@ -14,13 +14,13 @@ plugins {
   id 'checkstyle'
   id 'pmd'
   id 'jacoco'
-  id 'io.spring.dependency-management' version '1.1.4'
+  id 'io.spring.dependency-management' version '1.1.6'
   id 'org.springframework.boot' version '2.7.18'
-  id 'uk.gov.hmcts.java' version '0.12.50'
-  id 'org.owasp.dependencycheck' version '10.0.3'
-  id 'com.github.ben-manes.versions' version '0.50.0'
-  id 'org.sonarqube' version '4.3.0.3225'
-  id 'au.com.dius.pact' version '4.2.14'
+  id 'uk.gov.hmcts.java' version '0.12.63'
+  id 'org.owasp.dependencycheck' version '10.0.4'
+  id 'com.github.ben-manes.versions' version '0.51.0'
+  id 'org.sonarqube' version '4.4.1.3373'
+  id 'au.com.dius.pact' version '4.6.16'
   id 'info.solidsoft.pitest' version '1.15.0'
   id 'io.freefair.lombok' version '6.6.3'
   id 'com.adarshr.test-logger' version '3.2.0'
@@ -31,18 +31,18 @@ apply plugin: "net.serenity-bdd.serenity-gradle-plugin"
 apply plugin: 'project-report'
 
 def versions = [
-        junit              : '5.10.1',
-        junitPlatform      : '1.10.1',
+        junit              : '5.11.4',
+        junitPlatform      : '1.11.4',
         gradlePitest       : '1.15.0',
-        pact_version       : '4.1.38',
-        pitest             : '1.15.3',
+        pact_version       : '4.6.16',
+        pitest             : '1.17.3',
         reformLogging      : '6.0.1',
         reformHealthStarter: '0.0.5',
-        restAssured        : '5.3.2',
-        serenity           : '3.6.22',
+        restAssured        : '5.5.0',
+        serenity           : '3.9.8',
         sonarPitest        : '0.5',
         springHystrix      : '2.2.10.RELEASE',
-        springDoc          : '1.7.0',
+        springDoc          : '1.8.0',
         springCloud        : '3.1.6'
 ]
 
@@ -150,7 +150,7 @@ task fortifyScan(type: JavaExec, description: 'Run fortify scan.')  {
 
 checkstyle {
   maxWarnings = 0
-  toolVersion = '10.12.0'
+  toolVersion = '10.21.0'
   getConfigDirectory().set(new File(rootDir, 'config/checkstyle'))
 }
 
@@ -169,7 +169,7 @@ pmd {
 }
 
 jacoco {
-  toolVersion = "0.8.11"
+  toolVersion = "0.8.12"
 }
 
 jacocoTestReport {
@@ -237,26 +237,26 @@ dependencyManagement {
   dependencies {
 
     dependency group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
-    dependency group: 'com.google.guava', name: 'guava', version: '32.1.2-jre'
-    dependency group: 'org.yaml', name: 'snakeyaml', version: '2.2'
+    dependency group: 'com.google.guava', name: 'guava', version: '32.1.3-jre'
+    dependency group: 'org.yaml', name: 'snakeyaml', version: '2.3'
 
-    dependencySet(group: 'com.fasterxml.jackson.core', version: '2.16.0') {
+    dependencySet(group: 'com.fasterxml.jackson.core', version: '2.18.2') {
       entry 'jackson-databind'
       entry 'jackson-core'
       entry 'jackson-annotations'
     }
 
-    dependencySet(group: 'com.fasterxml.jackson.dataformat', version: '2.16.0') {
+    dependencySet(group: 'com.fasterxml.jackson.dataformat', version: '2.18.2') {
       entry 'jackson-dataformat-yaml'
       entry 'jackson-dataformat-cbor'
     }
 
-    dependencySet(group: 'com.fasterxml.jackson.datatype', version: '2.16.0') {
+    dependencySet(group: 'com.fasterxml.jackson.datatype', version: '2.18.2') {
       entry 'jackson-datatype-jsr310'
       entry 'jackson-datatype-jdk8'
     }
 
-    dependencySet(group: 'com.fasterxml.jackson.module', version: '2.16.0') {
+    dependencySet(group: 'com.fasterxml.jackson.module', version: '2.18.2') {
       entry 'jackson-module-parameter-names'
       entry 'jackson-module-afterburner'
     }
@@ -311,69 +311,69 @@ dependencies {
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-resource-server'
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-dependencies', version: 'Hoxton.SR4'
 
-  implementation(group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: '4.0.3') {
+  implementation(group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: '4.1.2') {
     exclude group: "org.bouncycastle", module: "bcprov-jdk15on"
   }
-  implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '3.1.8') {
+  implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '3.1.9') {
     exclude group: "org.bouncycastle", module: "bcprov-jdk15on"
   }
-  implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap' , version: '3.1.7') {
+  implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap' , version: '3.1.9') {
     exclude group: "org.bouncycastle", module: "bcprov-jdk15on"
   }
   implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-hystrix', version: '2.2.10.RELEASE') {
     exclude group: "org.bouncycastle", module: "bcprov-jdk15on"
   }
-  implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: '1.74'
-  implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: '6.0.1'
-  implementation group: 'com.github.hmcts.java-logging', name: 'logging-appinsights', version: '6.0.1'
+  implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: '1.79'
+  implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: '6.1.7'
+  implementation group: 'com.github.hmcts.java-logging', name: 'logging-appinsights', version: '6.1.7'
 
-  implementation group: 'com.github.hmcts', name: 'auth-checker-lib', version: '2.1.6'
+  implementation group: 'com.github.hmcts', name: 'auth-checker-lib', version: '2.3.0'
 
   implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: versions.springDoc
 
   implementation group: 'org.apiguardian', name:'apiguardian-api', version: '1.1.2'
 
   // CVE-2019-17195
-  implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.37.2'
+  implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.47'
 
   // CVE-2021-27568
-  implementation group: 'net.minidev', name: 'json-smart', version: '2.5.0'
+  implementation group: 'net.minidev', name: 'json-smart', version: '2.5.1'
 
-  implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.16.0'
+  implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.18.2'
   implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.14'
-  implementation group: 'commons-io', name: 'commons-io', version: '2.15.1'
+  implementation group: 'commons-io', name: 'commons-io', version: '2.18.0'
 
-  implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13'
-  implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.2.13'
+  implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.5.12'
+  implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.5.12'
   implementation group: 'net.logstash.logback', name: 'logstash-logback-encoder', version: '8.0'
 
-  implementation group: 'net.bytebuddy', name: 'byte-buddy', version: '1.14.10'
+  implementation group: 'net.bytebuddy', name: 'byte-buddy', version: '1.15.11'
   implementation group: 'com.sun.xml.bind', name: 'jaxb-osgi', version: '2.3.9'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-cache'
   implementation group: 'com.launchdarkly', name: 'launchdarkly-java-server-sdk', version: '6.3.0'
 
   implementation group: 'com.github.ben-manes.caffeine', name: 'caffeine'
 
-  implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '9.0.83'
-  implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-websocket', version: '9.0.83'
+  implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '9.0.98'
+  implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-websocket', version: '9.0.98'
 
-  compileOnly group: 'org.projectlombok', name: 'lombok', version: '1.18.30'
-  annotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.30'
-  testCompileOnly group: 'org.projectlombok', name: 'lombok', version: '1.18.30'
-  testAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.30'
+  compileOnly group: 'org.projectlombok', name: 'lombok', version: '1.18.36'
+  annotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.36'
+  testCompileOnly group: 'org.projectlombok', name: 'lombok', version: '1.18.36'
+  testAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.36'
 
   testImplementation(group: 'org.springframework.boot', name: 'spring-boot-starter-test', version: '2.7.18') {
     exclude group: 'junit', module: 'junit'
     exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
   }
 
-  testImplementation group: 'com.github.tomakehurst', name: 'wiremock', version: '2.35.1'
+  testImplementation group: 'com.github.tomakehurst', name: 'wiremock', version: '2.35.2'
   testImplementation group: 'org.mockito', name: 'mockito-core', version: '3.12.4'
   testImplementation group: 'org.powermock', name: 'powermock-api-mockito2', version: '2.0.9'
   testImplementation(group: 'org.springframework.boot', name: 'spring-boot-starter-test') {
     exclude group: "com.vaadin.external.google", module: "android-json"
   }
-  testImplementation(group: 'org.springframework.cloud', name: 'spring-cloud-contract-wiremock', version: '3.1.8') {
+  testImplementation(group: 'org.springframework.cloud', name: 'spring-cloud-contract-wiremock', version: '3.1.10') {
     exclude group: "com.github.tomakehurst", module: "wiremock-standalone"
   }
   testImplementation group: 'org.springframework.security', name: 'spring-security-test'
@@ -382,7 +382,7 @@ dependencies {
   testImplementation "info.solidsoft.gradle.pitest:gradle-pitest-plugin:${versions.gradlePitest}"
   testImplementation "org.codehaus.sonar-plugins:sonar-pitest-plugin:${versions.sonarPitest}"
 
-  testImplementation group: 'net.bytebuddy', name: 'byte-buddy-agent', version: '1.14.10'
+  testImplementation group: 'net.bytebuddy', name: 'byte-buddy-agent', version: '1.15.11'
   testImplementation group: 'com.vladsch.flexmark', name: 'flexmark-all', version: '0.64.8'
 
   testImplementation group: 'io.rest-assured', name: 'rest-assured-all', version: versions.restAssured
@@ -395,15 +395,15 @@ dependencies {
   testImplementation group: 'net.serenity-bdd', name: 'serenity-rest-assured', version: versions.serenity
   testImplementation group: 'net.serenity-bdd', name: 'serenity-spring', version: versions.serenity
 
-  testImplementation group: 'com.github.hmcts', name: 'fortify-client', version: '1.3.0', classifier: 'all', {
+  testImplementation group: 'com.github.hmcts', name: 'fortify-client', version: '1.4.5', classifier: 'all', {
     exclude group: 'commons-io', module: 'commons-io'
     exclude group: 'org.apache.commons', module: 'commons-lang3'
   }
 
   //PACT testing
-  contractTestImplementation group: 'com.google.guava', name: 'guava', version: '32.1.2-jre'
+  contractTestImplementation group: 'com.google.guava', name: 'guava', version: '32.1.3-jre'
   contractTestImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
-  contractTestImplementation group: 'org.assertj', name: 'assertj-core', version: '3.24.2'
+  contractTestImplementation group: 'org.assertj', name: 'assertj-core', version: '3.26.3'
   //pact contract testing
   contractTestImplementation group: 'au.com.dius.pact.consumer', name: 'junit5', version: versions.pact_version
   contractTestImplementation group: 'au.com.dius', name: 'pact-jvm-model', version: '3.6.15'

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-all.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum

gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################

infrastructure/.terraform-version

@@ -1 +1 @@
-1.6.5
+1.10.2