From dd05bcd064e67c0de6e6499d07b22e8459cedbf5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Randi=20=C3=98yri?= <randi.oyri@digdir.no>
Date: Wed, 30 Oct 2024 12:24:57 +0100
Subject: [PATCH] ID-4759: Upgrade to Spring-boot 3.3.4 (user-service) (#227)

---
 .trivyignore |  7 -------
 README.md    | 12 ++++++------
 pom.xml      |  5 ++---
 3 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/.trivyignore b/.trivyignore
index 1b76aad..fae8376 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,8 +1 @@
-CVE-2024-22257 # Broken Access Control in Spring Security. fixed 6.2.2
-CVE-2024-22259 # spring-web. fixed 6.1.5. Brukar ikkje AuthenticatedVoter.
-CVE-2024-22262 # spring-web. fixed: 6.1.6. host validation fail for uricomponentbuilder, does not use it
-CVE-2024-34750 # tomcat - improper exception handling
-CVE-2024-34156 # encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures...
-CVE-2024-38816 # spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
-CVE-2023-52428 # com.nimbusds:nimbus-jose-jwt: large JWE p2c -> DDOS. fixed 9.37.2
 CVE-2024-38821 # org.springframework.security:spring-security-web: Spring-WebFlux: Authorization Bypass of Static Resources. Fixed 6.2.7, 6.0.13, 6.1.11, 6.3.4
diff --git a/README.md b/README.md
index 5661cc2..ca19972 100644
--- a/README.md
+++ b/README.md
@@ -21,8 +21,11 @@ To build and run the application you need:
 
 The application has profiles located in the [resources](src/main/resources) directory.
 
-| Profile | Description                                    |
-|---------|------------------------------------------------|
+| Profile   | Description                                                      |
+|-----------|------------------------------------------------------------------|
+| local-h2  | Local development with embedded H2-database                      |
+| local-dev | Local development which requires a preinstalled MariaDB database |
+| docker    | User docker cluster locally, run by docker-compose file          |
 
 The application can be started with Maven:
 
@@ -49,8 +52,5 @@ a [default configuration](src/main/resources/application.yaml) in the applicatio
 * DATASOURCE_PASSWORD (password to idporten_user database for user user_service)
 * API_KEY (api-key for /login access)
 
-## Runtime dependencies
-* idporten-validators
-* idporten-access-log-spring-boot-3-starter
-* idporten-log-audit
+
 
diff --git a/pom.xml b/pom.xml
index 190381a..447aeee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.2.3</version>
+        <version>3.3.4</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>no.idporten</groupId>
@@ -18,14 +18,13 @@
         <idporten-validators.version>1.4.1</idporten-validators.version>
         <idporten-fnr-generate.version>1.0.1</idporten-fnr-generate.version>
         <springdoc.version>2.6.0</springdoc.version>
-        <idporten-access-log.version>2.4.1</idporten-access-log.version>
+        <idporten-access-log.version>2.4.3</idporten-access-log.version>
         <idporten-audit-log.version>1.2.6</idporten-audit-log.version>
         <nimbus.jose.jwt.version>9.23</nimbus.jose.jwt.version>
         <idporten-actuator-starter.version>1.2.0</idporten-actuator-starter.version>
         <open.telemetry.version>2.6.0</open.telemetry.version>
         <mariadb-java-client.version>3.4.1</mariadb-java-client.version>
         <idporten-metric-constants.version>1.1.0</idporten-metric-constants.version>
-        <logback.version>1.5.6</logback.version>
     </properties>
     <dependencies>
         <dependency>