Snyk/updates 10 2024 (#748)

* fix: upgrade axios from 1.7.4 to 1.7.7

Snyk has created this PR to upgrade axios from 1.7.4 to 1.7.7.

See this package in yarn:
axios

See this project in Snyk:
https://app.snyk.io/org/oph-snyk/project/84abdeeb-9d9e-4376-92f5-0d0983809ad7?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

* fix: upgrade org.liquibase:liquibase-core from 4.29.1 to 4.29.2

Snyk has created this PR to upgrade org.liquibase:liquibase-core from 4.29.1 to 4.29.2.

See this package in maven:
org.liquibase:liquibase-core

See this project in Snyk:
https://app.snyk.io/org/oph-snyk/project/d824f7ed-bf61-4724-becd-c480f7e7c8ea?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

* fix: upgrade io.netty:netty-resolver-dns-native-macos from 4.1.112.Final to 4.1.113.Final

Snyk has created this PR to upgrade io.netty:netty-resolver-dns-native-macos from 4.1.112.Final to 4.1.113.Final.

See this package in maven:
io.netty:netty-resolver-dns-native-macos

See this project in Snyk:
https://app.snyk.io/org/oph-snyk/project/e59ac9f1-fa97-493f-be51-738241cda069?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

* fix: upgrade react-router-dom from 6.26.1 to 6.26.2

Snyk has created this PR to upgrade react-router-dom from 6.26.1 to 6.26.2.

See this package in yarn:
react-router-dom

See this project in Snyk:
https://app.snyk.io/org/oph-snyk/project/84abdeeb-9d9e-4376-92f5-0d0983809ad7?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

* fix: backend/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365

* fix: backend/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366

* fix: backend/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230372
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230367
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368

* fix: backend/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230372
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230367
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368

* fix: backend/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8309135
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230372
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230367
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368

* VKT:AKR:OTR:YKI(Backend) Dummy commit for [deploy]

* YKI(Backend) Disable default authentication [deploy]

---------

Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>

backend/akr/src/main/java/fi/oph/akr/config/AppConfig.java

@@ -86,15 +86,15 @@ public SpringResourceTemplateResolver emailTemplateResolver(final ApplicationCon
   }
 
   private static WebClient.Builder webClientBuilderWithCallerId(final String connectionProviderName) {
-    ConnectionProvider connectionProvider = ConnectionProvider
+    final ConnectionProvider connectionProvider = ConnectionProvider
       .builder(connectionProviderName)
       .maxConnections(50)
       .maxIdleTime(Duration.ofSeconds(20))
       .maxLifeTime(Duration.ofSeconds(60))
       .pendingAcquireTimeout(Duration.ofSeconds(60))
       .evictInBackground(Duration.ofSeconds(120))
       .build();
-    HttpClient httpClient = HttpClient.create(connectionProvider);
+    final HttpClient httpClient = HttpClient.create(connectionProvider);
     return WebClient
       .builder()
       .defaultHeader("Caller-Id", Constants.CALLER_ID)

backend/otr/src/main/java/fi/oph/otr/util/DateUtil.java

@@ -1,7 +1,6 @@
 package fi.oph.otr.util;
 
 import java.time.LocalDate;
-import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;
 
 public class DateUtil {

backend/pom.xml

@@ -33,9 +33,9 @@
     <!-- openai v2 https://springdoc.org/#migrating-from-springdoc-v1 -->
     <springdoc-openapi.version>2.6.0</springdoc-openapi.version>
     <!-- latest version for Java 17 https://github.com/lukas-krecan/ShedLock#versions -->
-    <shedlock.version>4.48.0</shedlock.version>
+    <shedlock.version>5.13.0</shedlock.version>
     <poi.version>5.3.0</poi.version>
-    <liquibase.version>4.29.1</liquibase.version>
+    <liquibase.version>4.29.2</liquibase.version>
   </properties>
 
   <dependencies>
@@ -55,13 +55,13 @@
     <dependency>
       <groupId>org.springframework.security</groupId>
       <artifactId>spring-security-config</artifactId>
-      <version>6.3.3</version>
+      <version>6.3.4</version>
     </dependency>
     <!-- Force 6.3.3 since there is vulnerability in 6.3.1 -->
     <dependency>
       <groupId>org.springframework.security</groupId>
       <artifactId>spring-security-web</artifactId>
-      <version>6.3.3</version>
+      <version>6.3.4</version>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>

backend/vkt/pom.xml

@@ -51,7 +51,7 @@
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-resolver-dns-native-macos</artifactId>
-      <version>4.1.112.Final</version>
+      <version>4.1.113.Final</version>
       <classifier>osx-aarch_64</classifier>
       <scope>runtime</scope>
     </dependency>

backend/vkt/src/main/java/fi/oph/vkt/repository/CasTicketRepository.java

@@ -1,7 +1,6 @@
 package fi.oph.vkt.repository;
 
 import fi.oph.vkt.model.CasTicket;
-import fi.oph.vkt.model.Person;
 import java.time.LocalDateTime;
 import java.util.List;
 import java.util.Optional;

backend/yki/src/main/java/fi/oph/yki/YkiApplication.java

@@ -6,7 +6,7 @@
 @SpringBootApplication
 public class YkiApplication {
 
-  public static void main(String[] args) {
+  public static void main(final String[] args) {
     SpringApplication.run(YkiApplication.class, args);
   }
 }

backend/yki/src/main/java/fi/oph/yki/config/security/WebSecurityConfig.java

@@ -2,6 +2,8 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
@@ -31,4 +33,11 @@ public static HttpSecurity configCsrf(final HttpSecurity httpSecurity) throws Ex
       configurer.csrfTokenRepository(csrfTokenRepository).csrfTokenRequestHandler(requestHandler)
     );
   }
+
+  @Bean
+  public AuthenticationManager noopAuthenticationManager() {
+    return authentication -> {
+      throw new AuthenticationServiceException("Authentication is disabled");
+    };
+  }
 }

frontend/package.json

@@ -34,7 +34,7 @@
     "@mui/x-date-pickers": "^5.0.20",
     "@reduxjs/toolkit": "^1.9.7",
     "@types/js-cookie": "^3.0.6",
-    "axios": "^1.7.4",
+    "axios": "^1.7.7",
     "dayjs": "^1.11.13",
     "finnish-personal-identity-code-validator": "kimmotaskinen/finnish-personal-identity-code-validator#support-new-delimiters",
     "history": "^5.3.0",
@@ -46,7 +46,7 @@
     "react-dom": "^18.3.1",
     "react-i18next": "^13.5.0",
     "react-redux": "^8.1.3",
-    "react-router-dom": "6.26.1",
+    "react-router-dom": "6.26.2",
     "redux-saga": "^1.3.0"
   },
   "devDependencies": {

frontend/yarn.lock

@@ -2633,7 +2633,7 @@ __metadata:
     "@types/react-test-renderer": "npm:^18.0.5"
     "@typescript-eslint/eslint-plugin": "npm:^6.10.0"
     "@typescript-eslint/parser": "npm:^6.10.0"
-    axios: "npm:^1.7.4"
+    axios: "npm:^1.7.7"
     babel-jest: "npm:^29.7.0"
     babel-loader: "npm:^9.1.3"
     compression-webpack-plugin: "npm:^10.0.0"
@@ -2670,7 +2670,7 @@ __metadata:
     react-dom: "npm:^18.3.1"
     react-i18next: "npm:^13.5.0"
     react-redux: "npm:^8.1.3"
-    react-router-dom: "npm:6.26.1"
+    react-router-dom: "npm:6.26.2"
     react-test-renderer: "npm:^18.2.0"
     redux-saga: "npm:^1.3.0"
     sass: "npm:^1.69.5"
@@ -2816,10 +2816,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@remix-run/router@npm:1.19.1":
-  version: 1.19.1
-  resolution: "@remix-run/router@npm:1.19.1"
-  checksum: 2800c2f6567a982fe942aacc4cb5b170e7cc89bd455960e3bea2424161ff7dac32d01886322d88dd19b88d1bea711f39566d17f02b73eeb74999affb471f8f52
+"@remix-run/router@npm:1.19.2":
+  version: 1.19.2
+  resolution: "@remix-run/router@npm:1.19.2"
+  checksum: 31b62b66ea68bd62018189047de7b262700113438f62407df019f81a9856a08a705b2b77454be9293518e2f5f3bbf3f8b858ac19f48cb7d89f8ab56b7b630c19
   languageName: node
   linkType: hard
 
@@ -4331,14 +4331,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"axios@npm:^1.7.4":
-  version: 1.7.4
-  resolution: "axios@npm:1.7.4"
+"axios@npm:^1.7.7":
+  version: 1.7.7
+  resolution: "axios@npm:1.7.7"
   dependencies:
     follow-redirects: "npm:^1.15.6"
     form-data: "npm:^4.0.0"
     proxy-from-env: "npm:^1.1.0"
-  checksum: 7a1429be1e3d0c2e1b96d4bba4d113efbfabc7c724bed107beb535c782c7bea447ff634886b0c7c43395a264d085450d009eb1154b5f38a8bae49d469fdcbc61
+  checksum: 7f875ea13b9298cd7b40fd09985209f7a38d38321f1118c701520939de2f113c4ba137832fe8e3f811f99a38e12c8225481011023209a77b0c0641270e20cde1
   languageName: node
   linkType: hard
 
@@ -11076,27 +11076,27 @@ __metadata:
   languageName: node
   linkType: hard
 
-"react-router-dom@npm:6.26.1":
-  version: 6.26.1
-  resolution: "react-router-dom@npm:6.26.1"
+"react-router-dom@npm:6.26.2":
+  version: 6.26.2
+  resolution: "react-router-dom@npm:6.26.2"
   dependencies:
-    "@remix-run/router": "npm:1.19.1"
-    react-router: "npm:6.26.1"
+    "@remix-run/router": "npm:1.19.2"
+    react-router: "npm:6.26.2"
   peerDependencies:
     react: ">=16.8"
     react-dom: ">=16.8"
-  checksum: 1bd255d1ff88f477699c72656e7c07702a907e644388a1bea1c648f2df0c3c86db2e90bea945b1d43eaf84ebab194f3868f3788502965ad5f20c508c6874f1fe
+  checksum: 4eee37839bd1a660807c090b4d272e4aa9b95d8a9a932cdcdf7c5b10735f39b6db73bad79b08a3012386a7e225ff6bf60435e2741fb7c68e137ac5a6295d4308
   languageName: node
   linkType: hard
 
-"react-router@npm:6.26.1":
-  version: 6.26.1
-  resolution: "react-router@npm:6.26.1"
+"react-router@npm:6.26.2":
+  version: 6.26.2
+  resolution: "react-router@npm:6.26.2"
   dependencies:
-    "@remix-run/router": "npm:1.19.1"
+    "@remix-run/router": "npm:1.19.2"
   peerDependencies:
     react: ">=16.8"
-  checksum: b3761515c75da65a1678f005d08a6285ceccd9df7237ae6fdd9ab2ab816ef328435b75610f705ecd9ecd41c6878fd22eb9b44c5391cdef2e1ed99ddbc78de8a4
+  checksum: 496e855b53e61066c1791e354f5d79eab56a128d9722fdc6486c3ecd3b3a0bf9968e927028f429893b157f3cc10fc09e890a055847723ee242663e7995fedc9d
   languageName: node
   linkType: hard