Merge pull request #766 from Opetushallitus/fix/snyk-2024-12

security updates 2024-12
Opetushallitus · Dec 13, 2024 · c0a3a6f · c0a3a6f
2 parents 01b9dd7 + e9cc8b3
commit c0a3a6f
Show file tree

Hide file tree

Showing 15 changed files with 64 additions and 58 deletions.
diff --git a/.github/workflows/akr.yml b/.github/workflows/akr.yml
@@ -5,6 +5,7 @@ on:
   push:
     paths:
       - "backend/akr/**"
+      - "backend/pom.xml"
       - "frontend/packages/akr/**"
       - "frontend/yarn.lock"
       - "!**/*.md"

diff --git a/.github/workflows/common-backend.yml b/.github/workflows/common-backend.yml
@@ -18,7 +18,7 @@ env:
 
 jobs:
   common-backend:
-    if: ${{ contains(github.event.head_commit.message, inputs.app-name) }}
+    if: ${{ contains(github.event.head_commit.message, inputs.app-name) || contains(github.ref, 'snyk-io') }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3

diff --git a/.github/workflows/common-frontend.yml b/.github/workflows/common-frontend.yml
@@ -18,7 +18,7 @@ env:
 
 jobs:
   common-frontend:
-    if: ${{ contains(github.event.head_commit.message, inputs.app-name) || contains(github.ref, 'dependabot') }}
+    if: ${{ contains(github.event.head_commit.message, inputs.app-name) || contains(github.ref, 'snyk-io') }}
     runs-on: ubuntu-latest
     strategy:
       matrix:

diff --git a/.github/workflows/otr.yml b/.github/workflows/otr.yml
@@ -5,6 +5,7 @@ on:
   push:
     paths:
       - "backend/otr/**"
+      - "backend/pom.xml"
       - "frontend/packages/otr/**"
       - "frontend/yarn.lock"
       - "!**/*.md"

diff --git a/.github/workflows/vkt.yml b/.github/workflows/vkt.yml
@@ -5,6 +5,7 @@ on:
   push:
     paths:
       - "backend/vkt/**"
+      - "backend/pom.xml"
       - "frontend/packages/vkt/**"
       - "frontend/yarn.lock"
       - "!**/*.md"

diff --git a/.github/workflows/yki.yml b/.github/workflows/yki.yml
@@ -5,6 +5,7 @@ on:
   push:
     paths:
       - "backend/yki/**"
+      - "backend/pom.xml"
       - "frontend/packages/yki/**"
       - "frontend/yarn.lock"
       - "!**/*.md"

diff --git a/backend/akr/pom.xml b/backend/akr/pom.xml
@@ -21,7 +21,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.16.1</version>
+      <version>2.17.0</version>
     </dependency>
   </dependencies>
 </project>
diff --git a/backend/akr/src/main/resources/application.yaml b/backend/akr/src/main/resources/application.yaml
@@ -33,16 +33,17 @@ spring:
     templateResolverOrder: 1
 management:
   endpoints:
-    enabled-by-default: false
+    access:
+      default: none
     web:
       base-path: "/api/actuator"
       exposure:
         include: "health,info"
   endpoint:
     info:
-      enabled: true
+      access: read_only
     health:
-      enabled: true
+      access: read_only
 springdoc:
   swagger-ui:
     path: /api/swagger-ui.html

diff --git a/backend/otr/src/main/resources/application.yaml b/backend/otr/src/main/resources/application.yaml
@@ -33,16 +33,17 @@ spring:
     templateResolverOrder: 1
 management:
   endpoints:
-    enabled-by-default: false
+    access:
+      default: none
     web:
       base-path: "/api/actuator"
       exposure:
         include: "health,info"
   endpoint:
     info:
-      enabled: true
+      access: read_only
     health:
-      enabled: true
+      access: read_only
 springdoc:
   swagger-ui:
     path: /api/swagger-ui.html

diff --git a/backend/pom.xml b/backend/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>3.3.2</version>
+    <version>3.4.0</version>
     <relativePath/>
   </parent>
   <!-- lookup parent from repository -->
@@ -31,11 +31,12 @@
     <plugin.prettier.goal>write</plugin.prettier.goal>
 
     <!-- openai v2 https://springdoc.org/#migrating-from-springdoc-v1 -->
-    <springdoc-openapi.version>2.6.0</springdoc-openapi.version>
+    <springdoc-openapi.version>2.7.0</springdoc-openapi.version>
     <!-- latest version for Java 17 https://github.com/lukas-krecan/ShedLock#versions -->
-    <shedlock.version>5.13.0</shedlock.version>
+    <shedlock.version>5.16.0</shedlock.version>
     <poi.version>5.3.0</poi.version>
     <liquibase.version>4.29.2</liquibase.version>
+    <spring-framework.version>6.2.1</spring-framework.version>
   </properties>
 
   <dependencies>
@@ -51,17 +52,13 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-security</artifactId>
     </dependency>
-    <!-- Force 6.3.3 since there is vulnerability in 6.3.1 -->
     <dependency>
       <groupId>org.springframework.security</groupId>
       <artifactId>spring-security-config</artifactId>
-      <version>6.3.4</version>
     </dependency>
-    <!-- Force 6.3.3 since there is vulnerability in 6.3.1 -->
     <dependency>
       <groupId>org.springframework.security</groupId>
       <artifactId>spring-security-web</artifactId>
-      <version>6.3.4</version>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
@@ -135,6 +132,7 @@
       <groupId>com.squareup.okhttp3</groupId>
       <artifactId>mockwebserver</artifactId>
       <scope>test</scope>
+      <version>4.12.0</version>
     </dependency>
     <dependency>
       <groupId>org.jsoup</groupId>

diff --git a/backend/vkt/pom.xml b/backend/vkt/pom.xml
@@ -51,7 +51,7 @@
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-resolver-dns-native-macos</artifactId>
-      <version>4.1.113.Final</version>
+      <version>4.1.115.Final</version>
       <classifier>osx-aarch_64</classifier>
       <scope>runtime</scope>
     </dependency>

diff --git a/backend/vkt/src/main/resources/application.yaml b/backend/vkt/src/main/resources/application.yaml
@@ -41,16 +41,17 @@ spring:
     templateResolverOrder: 1
 management:
   endpoints:
-    enabled-by-default: false
+    access:
+      default: none
     web:
       base-path: "/api/actuator"
       exposure:
         include: "health,info"
   endpoint:
     info:
-      enabled: true
+      access: read_only
     health:
-      enabled: true
+      access: read_only
 springdoc:
   swagger-ui:
     path: /api/swagger-ui.html

diff --git a/backend/yki/src/main/resources/application.yaml b/backend/yki/src/main/resources/application.yaml
@@ -20,16 +20,17 @@ spring:
     templateResolverOrder: 1
 management:
   endpoints:
-    enabled-by-default: false
+    access:
+      default: none
     web:
       base-path: "/status"
       exposure:
         include: "health,info"
   endpoint:
     info:
-      enabled: true
+      access: read_only
     health:
-      enabled: true
+      access: read_only
 springdoc:
   swagger-ui:
     path: /swagger-ui.html

diff --git a/frontend/package.json b/frontend/package.json
@@ -27,26 +27,26 @@
   "dependencies": {
     "@emotion/react": "^11.13.0",
     "@emotion/styled": "^11.13.0",
-    "@fontsource/roboto": "^5.0.14",
+    "@fontsource/roboto": "^5.1.0",
     "@mui/icons-material": "^5.16.7",
     "@mui/material": "^5.16.7",
     "@mui/system": "^5.16.7",
     "@mui/x-date-pickers": "^5.0.20",
     "@reduxjs/toolkit": "^1.9.7",
     "@types/js-cookie": "^3.0.6",
-    "axios": "^1.7.7",
+    "axios": "^1.7.8",
     "dayjs": "^1.11.13",
     "finnish-personal-identity-code-validator": "kimmotaskinen/finnish-personal-identity-code-validator#support-new-delimiters",
     "history": "^5.3.0",
-    "i18next": "^23.14.0",
+    "i18next": "^23.16.0",
     "i18next-browser-languagedetector": "^7.2.1",
     "js-cookie": "^3.0.5",
     "normalize.css": "^8.0.1",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "react-i18next": "^13.5.0",
     "react-redux": "^8.1.3",
-    "react-router-dom": "6.26.2",
+    "react-router-dom": "6.27.0",
     "redux-saga": "^1.3.0"
   },
   "devDependencies": {

diff --git a/frontend/yarn.lock b/frontend/yarn.lock
@@ -1909,10 +1909,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@fontsource/roboto@npm:^5.0.14":
-  version: 5.0.15
-  resolution: "@fontsource/roboto@npm:5.0.15"
-  checksum: 99e1aaf6b1d7cda566c3eb03b44f5b6250d27d2e49ba5364beae3295eaa422983bc0e799aad71ba81958cf7ce0eb0c237d50f266166e930d04d9178a8d9c7295
+"@fontsource/roboto@npm:^5.1.0":
+  version: 5.1.0
+  resolution: "@fontsource/roboto@npm:5.1.0"
+  checksum: a6fb7d4a4605bead714b7e9151912bc7a7577ce8c2cd7e4e725d1ab38d6c5e654f61f38c62cb122504c20f63114a76081fedd532520a4d769e1271d432b61636
   languageName: node
   linkType: hard
 
@@ -2613,7 +2613,7 @@ __metadata:
     "@cypress/webpack-preprocessor": "npm:^6.0.0"
     "@emotion/react": "npm:^11.13.0"
     "@emotion/styled": "npm:^11.13.0"
-    "@fontsource/roboto": "npm:^5.0.14"
+    "@fontsource/roboto": "npm:^5.1.0"
     "@mui/icons-material": "npm:^5.16.7"
     "@mui/material": "npm:^5.16.7"
     "@mui/system": "npm:^5.16.7"
@@ -2633,7 +2633,7 @@ __metadata:
     "@types/react-test-renderer": "npm:^18.0.5"
     "@typescript-eslint/eslint-plugin": "npm:^6.10.0"
     "@typescript-eslint/parser": "npm:^6.10.0"
-    axios: "npm:^1.7.7"
+    axios: "npm:^1.7.8"
     babel-jest: "npm:^29.7.0"
     babel-loader: "npm:^9.1.3"
     compression-webpack-plugin: "npm:^10.0.0"
@@ -2656,7 +2656,7 @@ __metadata:
     git-revision-webpack-plugin: "npm:^5.0.0"
     history: "npm:^5.3.0"
     html-webpack-plugin: "npm:^5.5.3"
-    i18next: "npm:^23.14.0"
+    i18next: "npm:^23.16.0"
     i18next-browser-languagedetector: "npm:^7.2.1"
     jest: "npm:^29.7.0"
     jest-environment-jsdom: "npm:^29.7.0"
@@ -2670,7 +2670,7 @@ __metadata:
     react-dom: "npm:^18.3.1"
     react-i18next: "npm:^13.5.0"
     react-redux: "npm:^8.1.3"
-    react-router-dom: "npm:6.26.2"
+    react-router-dom: "npm:6.27.0"
     react-test-renderer: "npm:^18.2.0"
     redux-saga: "npm:^1.3.0"
     sass: "npm:^1.69.5"
@@ -2816,10 +2816,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@remix-run/router@npm:1.19.2":
-  version: 1.19.2
-  resolution: "@remix-run/router@npm:1.19.2"
-  checksum: 31b62b66ea68bd62018189047de7b262700113438f62407df019f81a9856a08a705b2b77454be9293518e2f5f3bbf3f8b858ac19f48cb7d89f8ab56b7b630c19
+"@remix-run/router@npm:1.20.0":
+  version: 1.20.0
+  resolution: "@remix-run/router@npm:1.20.0"
+  checksum: e1d2420db94a1855b97f1784898d0ae389cf3b77129b8f419e51d4833b77ca2c92ac09e2cb558015324d64580a138fd6faa31e52fcc3ba90e3cc382a1a324d4a
   languageName: node
   linkType: hard
 
@@ -4331,14 +4331,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"axios@npm:^1.7.7":
-  version: 1.7.7
-  resolution: "axios@npm:1.7.7"
+"axios@npm:^1.7.8":
+  version: 1.7.8
+  resolution: "axios@npm:1.7.8"
   dependencies:
     follow-redirects: "npm:^1.15.6"
     form-data: "npm:^4.0.0"
     proxy-from-env: "npm:^1.1.0"
-  checksum: 7f875ea13b9298cd7b40fd09985209f7a38d38321f1118c701520939de2f113c4ba137832fe8e3f811f99a38e12c8225481011023209a77b0c0641270e20cde1
+  checksum: 7ddcde188041ac55090186254b4025eb2af842be3cf615ce45393fd7f543c1eab0ad2fdd2017a5f6190695e3ecea73ee5e9c37f204854aec2698f9579046efdf
   languageName: node
   linkType: hard
 
@@ -7838,12 +7838,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"i18next@npm:^23.14.0":
-  version: 23.15.1
-  resolution: "i18next@npm:23.15.1"
+"i18next@npm:^23.16.0":
+  version: 23.16.4
+  resolution: "i18next@npm:23.16.4"
   dependencies:
     "@babel/runtime": "npm:^7.23.2"
-  checksum: bfd4935517ddd68bd12ccc0b7bd454f1a19403b627d79a2fe81c9059380674f085804f8d7475dd248a887f90d9e2da0f9be64179ddf32e9eebac47e4b9f92889
+  checksum: a3aa6189aa4bf3022c372a03c88a2216d420b70f01369bd1017f7e51d0ed012dcda8b5f6476021835ab9574ee0ac5d056049fe4b720b5458b42bcc6ae66bd38d
   languageName: node
   linkType: hard
 
@@ -11076,27 +11076,27 @@ __metadata:
   languageName: node
   linkType: hard
 
-"react-router-dom@npm:6.26.2":
-  version: 6.26.2
-  resolution: "react-router-dom@npm:6.26.2"
+"react-router-dom@npm:6.27.0":
+  version: 6.27.0
+  resolution: "react-router-dom@npm:6.27.0"
   dependencies:
-    "@remix-run/router": "npm:1.19.2"
-    react-router: "npm:6.26.2"
+    "@remix-run/router": "npm:1.20.0"
+    react-router: "npm:6.27.0"
   peerDependencies:
     react: ">=16.8"
     react-dom: ">=16.8"
-  checksum: 4eee37839bd1a660807c090b4d272e4aa9b95d8a9a932cdcdf7c5b10735f39b6db73bad79b08a3012386a7e225ff6bf60435e2741fb7c68e137ac5a6295d4308
+  checksum: cfbcbc1d387d3341a335e3a075e487cc09dcbb62f1b83bc827fc3eec937523d5647a2c4488c804dc61581e65561823d0166d17b5dbc8579998c25b5a0bcabad6
   languageName: node
   linkType: hard
 
-"react-router@npm:6.26.2":
-  version: 6.26.2
-  resolution: "react-router@npm:6.26.2"
+"react-router@npm:6.27.0":
+  version: 6.27.0
+  resolution: "react-router@npm:6.27.0"
   dependencies:
-    "@remix-run/router": "npm:1.19.2"
+    "@remix-run/router": "npm:1.20.0"
   peerDependencies:
     react: ">=16.8"
-  checksum: 496e855b53e61066c1791e354f5d79eab56a128d9722fdc6486c3ecd3b3a0bf9968e927028f429893b157f3cc10fc09e890a055847723ee242663e7995fedc9d
+  checksum: 352e3af2075cdccf9d114b7e06d94a1b46a2147ba9d6e8643787a92464f5fd9ead950252a98d551f99f21860288bcf3a4f088cb5f46b28d1274a4e2ba24cc0f9
   languageName: node
   linkType: hard