Andreas Svanberg
857f646678
All checks were successful
Build and test / build-and-test (push) Successful in 7m13s
Fixes #28 ([CVE-2024-38809](https://spring.io/security/cve-2024-38809)), #29 ([CVE-2024-38816](https://spring.io/security/cve-2024-38816)), and #46 ([CVE-2024-38820](https://spring.io/security/cve-2024-38820)) Chose to stay on the 3.2 Spring Boot train despite 3.4 being out. Waiting for a more conscious to do the upgrade in case there are other changes required. Luckily none of the preconditions of the vulnerabilities were true for SciPro so they could not be exploited. Reviewed-on: #52 Reviewed-by: Tom Zhao <tom.zhao@dsv.su.se> Co-authored-by: Andreas Svanberg <andreass@dsv.su.se> Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>
452 lines
17 KiB
XML
Executable File
452 lines
17 KiB
XML
Executable File
<?xml version="1.0" encoding="UTF-8"?>
|
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">
|
|
|
|
<modelVersion>4.0.0</modelVersion>
|
|
<groupId>se.su.dsv.scipro</groupId>
|
|
<artifactId>SciPro</artifactId>
|
|
<packaging>pom</packaging>
|
|
<version>0.1-SNAPSHOT</version>
|
|
<name>SciPro</name>
|
|
|
|
<modules>
|
|
<module>core</module>
|
|
<module>view</module>
|
|
<module>daisy-integration</module>
|
|
<module>war</module>
|
|
<module>api</module>
|
|
</modules>
|
|
|
|
<properties>
|
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
|
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
|
|
|
<!-- Dependency versions -->
|
|
<slf4j.version>2.0.7</slf4j.version>
|
|
<log4j2.version>2.20.0</log4j2.version>
|
|
<wicket.version>10.1.0</wicket.version>
|
|
|
|
<!-- See https://hibernate.org/orm/releases/ for which version Hibernate implements -->
|
|
<jakarta.persistence-api.version>3.1.0</jakarta.persistence-api.version>
|
|
<hibernate.version>6.5.0.Final</hibernate.version>
|
|
<mariadb-java-client.version>3.2.0</mariadb-java-client.version>
|
|
|
|
<querydsl.version>5.0.0</querydsl.version>
|
|
<jakarta.servlet.version>5.0.0</jakarta.servlet.version>
|
|
<junit.version>5.9.3</junit.version>
|
|
<hsqldb.version>2.7.1</hsqldb.version>
|
|
<mockito.version>5.3.1</mockito.version>
|
|
<flyway.version>9.19.1</flyway.version>
|
|
<jersey.version>3.1.6</jersey.version>
|
|
<poi.version>5.2.5</poi.version>
|
|
<jackson.version>2.17.0</jackson.version>
|
|
|
|
<!-- Database stuff -->
|
|
<database.showSql>false</database.showSql>
|
|
<database.generateDdl>false</database.generateDdl>
|
|
</properties>
|
|
|
|
<dependencyManagement>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>se.su.dsv.scipro</groupId>
|
|
<artifactId>core</artifactId>
|
|
<version>${project.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>se.su.dsv.scipro</groupId>
|
|
<artifactId>core</artifactId>
|
|
<version>${project.version}</version>
|
|
<type>test-jar</type>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
|
|
<!-- WICKET DEPENDENCIES -->
|
|
<dependency>
|
|
<groupId>org.apache.wicket</groupId>
|
|
<artifactId>wicket-core</artifactId>
|
|
<version>${wicket.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.wicket</groupId>
|
|
<artifactId>wicket-extensions</artifactId>
|
|
<version>${wicket.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.wicket</groupId>
|
|
<artifactId>wicket-tester</artifactId>
|
|
<version>${wicket.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.wicketstuff</groupId>
|
|
<artifactId>wicketstuff-jasperreports</artifactId>
|
|
<version>${wicket.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.wicketstuff</groupId>
|
|
<artifactId>wicketstuff-select2</artifactId>
|
|
<version>${wicket.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.wicket</groupId>
|
|
<artifactId>wicket-ioc</artifactId>
|
|
<version>${wicket.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.wicket</groupId>
|
|
<artifactId>wicket-spring</artifactId>
|
|
<version>${wicket.version}</version>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-dependencies</artifactId>
|
|
<version>3.2.12</version>
|
|
<scope>import</scope>
|
|
<type>pom</type>
|
|
</dependency>
|
|
|
|
<!-- Servlet API, needed for compilation. -->
|
|
<dependency>
|
|
<groupId>jakarta.servlet</groupId>
|
|
<artifactId>jakarta.servlet-api</artifactId>
|
|
<version>${jakarta.servlet.version}</version>
|
|
<scope>provided</scope>
|
|
</dependency>
|
|
|
|
<!-- LOGGING DEPENDENCIES -->
|
|
<dependency>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>slf4j-api</artifactId>
|
|
<version>${slf4j.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>jcl-over-slf4j</artifactId>
|
|
<version>${slf4j.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.logging.log4j</groupId>
|
|
<artifactId>log4j-bom</artifactId>
|
|
<version>${log4j2.version}</version>
|
|
<type>pom</type>
|
|
<scope>import</scope>
|
|
</dependency>
|
|
|
|
<!-- Database stuff -->
|
|
<dependency>
|
|
<groupId>org.hsqldb</groupId>
|
|
<artifactId>hsqldb</artifactId>
|
|
<version>${hsqldb.version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>org.mariadb.jdbc</groupId>
|
|
<artifactId>mariadb-java-client</artifactId>
|
|
<version>${mariadb-java-client.version}</version>
|
|
</dependency>
|
|
|
|
<!--QueryDSL-->
|
|
<dependency>
|
|
<groupId>com.querydsl</groupId>
|
|
<artifactId>querydsl-bom</artifactId>
|
|
<version>${querydsl.version}</version>
|
|
<type>pom</type>
|
|
<scope>import</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.querydsl</groupId>
|
|
<artifactId>querydsl-jpa</artifactId>
|
|
<version>${querydsl.version}</version>
|
|
<classifier>jakarta</classifier>
|
|
</dependency>
|
|
|
|
<!-- JPA -->
|
|
<dependency>
|
|
<groupId>jakarta.persistence</groupId>
|
|
<artifactId>jakarta.persistence-api</artifactId>
|
|
<version>${jakarta.persistence-api.version}</version>
|
|
</dependency>
|
|
<!-- Hibernate impl -->
|
|
<dependency>
|
|
<groupId>org.hibernate.orm</groupId>
|
|
<artifactId>hibernate-core</artifactId>
|
|
<version>${hibernate.version}</version>
|
|
<scope>runtime</scope>
|
|
</dependency>
|
|
|
|
<!-- Jersey/Jax-Rs -->
|
|
<dependency>
|
|
<groupId>jakarta.ws.rs</groupId>
|
|
<artifactId>jakarta.ws.rs-api</artifactId>
|
|
<version>3.1.0</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.glassfish.jersey</groupId>
|
|
<artifactId>jersey-bom</artifactId>
|
|
<version>${jersey.version}</version>
|
|
<type>pom</type>
|
|
<scope>import</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.fasterxml.jackson</groupId>
|
|
<artifactId>jackson-bom</artifactId>
|
|
<version>${jackson.version}</version>
|
|
<type>pom</type>
|
|
<scope>import</scope>
|
|
</dependency>
|
|
|
|
<!-- Additional dependencies -->
|
|
<dependency>
|
|
<groupId>com.google.guava</groupId>
|
|
<artifactId>guava</artifactId>
|
|
<version>32.0.1-jre</version>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>jakarta.mail</groupId>
|
|
<artifactId>jakarta.mail-api</artifactId>
|
|
<version>2.1.3</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>jakarta.activation</groupId>
|
|
<artifactId>jakarta.activation-api</artifactId>
|
|
<version>2.1.3</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.eclipse.angus</groupId>
|
|
<artifactId>jakarta.mail</artifactId>
|
|
<version>2.0.2</version>
|
|
<scope>runtime</scope>
|
|
</dependency>
|
|
|
|
<!-- Test stuff -->
|
|
<dependency>
|
|
<groupId>org.junit</groupId>
|
|
<artifactId>junit-bom</artifactId>
|
|
<version>${junit.version}</version>
|
|
<type>pom</type>
|
|
<scope>import</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.mockito</groupId>
|
|
<artifactId>mockito-core</artifactId>
|
|
<version>${mockito.version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.mockito</groupId>
|
|
<artifactId>mockito-junit-jupiter</artifactId>
|
|
<version>${mockito.version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.hamcrest</groupId>
|
|
<artifactId>hamcrest</artifactId>
|
|
<version>2.2</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.poi</groupId>
|
|
<artifactId>poi</artifactId>
|
|
<version>${poi.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.poi</groupId>
|
|
<artifactId>poi-ooxml</artifactId>
|
|
<version>${poi.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.flywaydb</groupId>
|
|
<artifactId>flyway-core</artifactId>
|
|
<version>${flyway.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.flywaydb</groupId>
|
|
<artifactId>flyway-mysql</artifactId>
|
|
<version>${flyway.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springdoc</groupId>
|
|
<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
|
|
<version>2.5.0</version>
|
|
</dependency>
|
|
</dependencies>
|
|
</dependencyManagement>
|
|
|
|
<dependencies>
|
|
<!-- LOGGING DEPENDENCIES - LOG4J -->
|
|
<dependency>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>slf4j-api</artifactId>
|
|
</dependency>
|
|
|
|
<!-- Additional dependencies -->
|
|
<dependency>
|
|
<groupId>javax.inject</groupId>
|
|
<artifactId>javax.inject</artifactId>
|
|
<version>1</version>
|
|
</dependency>
|
|
|
|
<!-- Test stuff -->
|
|
<dependency>
|
|
<groupId>org.junit.jupiter</groupId>
|
|
<artifactId>junit-jupiter</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.mockito</groupId>
|
|
<artifactId>mockito-junit-jupiter</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.hamcrest</groupId>
|
|
<artifactId>hamcrest</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.mockito</groupId>
|
|
<artifactId>mockito-core</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>slf4j-simple</artifactId>
|
|
<version>${slf4j.version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
</dependencies>
|
|
|
|
<build>
|
|
<pluginManagement>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.owasp</groupId>
|
|
<artifactId>dependency-check-maven</artifactId>
|
|
<version>6.5.0</version>
|
|
<configuration>
|
|
<suppressionFiles>
|
|
<suppressionFile>owasp.xml</suppressionFile>
|
|
</suppressionFiles>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-jar-plugin</artifactId>
|
|
<version>3.3.0</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-compiler-plugin</artifactId>
|
|
<version>3.11.0</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-war-plugin</artifactId>
|
|
<version>3.4.0</version>
|
|
</plugin>
|
|
</plugins>
|
|
</pluginManagement>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-clean-plugin</artifactId>
|
|
<version>3.3.1</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-dependency-plugin</artifactId>
|
|
<version>3.6.0</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.codehaus.mojo</groupId>
|
|
<artifactId>versions-maven-plugin</artifactId>
|
|
<version>2.15.0</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-surefire-plugin</artifactId>
|
|
<version>3.1.0</version>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-compiler-plugin</artifactId>
|
|
<inherited>true</inherited>
|
|
<configuration>
|
|
<release>17</release>
|
|
<showDeprecation>true</showDeprecation>
|
|
<showWarnings>true</showWarnings>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-resources-plugin</artifactId>
|
|
<version>3.3.1</version>
|
|
<configuration>
|
|
<nonFilteredFileExtensions>
|
|
<nonFilteredFileExtension>p12</nonFilteredFileExtension>
|
|
</nonFilteredFileExtensions>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-war-plugin</artifactId>
|
|
<configuration>
|
|
<packagingExcludes>WEB-INF/web.xml</packagingExcludes>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>com.github.eirslett</groupId>
|
|
<artifactId>frontend-maven-plugin</artifactId>
|
|
<version>1.9.1</version>
|
|
|
|
<!-- the parent execution will reformat all files including submodules -->
|
|
<inherited>false</inherited>
|
|
|
|
<configuration>
|
|
<nodeVersion>v22.11.0</nodeVersion>
|
|
<installDirectory>${project.build.outputDirectory}</installDirectory>
|
|
</configuration>
|
|
<executions>
|
|
<execution>
|
|
<goals>
|
|
<goal>install-node-and-npm</goal>
|
|
</goals>
|
|
<phase>validate</phase>
|
|
</execution>
|
|
<execution>
|
|
<id>install</id>
|
|
<phase>validate</phase>
|
|
<goals>
|
|
<goal>npm</goal>
|
|
</goals>
|
|
<configuration>
|
|
<arguments>install</arguments>
|
|
</configuration>
|
|
</execution>
|
|
<execution>
|
|
<id>check-format</id>
|
|
<phase>verify</phase>
|
|
<goals>
|
|
<goal>npm</goal>
|
|
</goals>
|
|
<configuration>
|
|
<arguments>run format:check</arguments>
|
|
</configuration>
|
|
</execution>
|
|
<execution>
|
|
<id>reformat</id>
|
|
<phase>none</phase>
|
|
<goals>
|
|
<goal>npm</goal>
|
|
</goals>
|
|
<configuration>
|
|
<arguments>run format</arguments>
|
|
</configuration>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
</project> |