Merge pull request #28 from Kilemonn/upgrade-depdencies-reduce-vulnerabilities

Upgrade depdencies reduce vulnerabilities

Author: Kilemonn

build.gradle.kts

@@ -1,62 +1,61 @@
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 
 plugins {
-    id("org.springframework.boot") version "2.7.5"
-    id("io.spring.dependency-management") version "1.0.14.RELEASE"
-    kotlin("jvm") version "1.8.20"
-    kotlin("plugin.spring") version "1.8.20"
+    id("org.springframework.boot") version "3.2.0"
+    id("io.spring.dependency-management") version "1.1.4"
+    kotlin("jvm") version "1.9.21"
+    kotlin("plugin.spring") version "1.9.21"
     jacoco
 }
 
 group = "au.kilemon"
 // Make sure version matches version defined in MessageQueueApplication
-version = "0.3.0"
+version = "0.3.1"
 java.sourceCompatibility = JavaVersion.VERSION_17
 
 repositories {
     mavenCentral()
 }
 
 dependencies {
-    implementation("org.springframework.boot:spring-boot-starter-web:3.0.6")
-    implementation("org.springframework.boot:spring-boot-starter-validation:2.7.5")
-
+    implementation("org.springframework.boot:spring-boot-starter-web:3.2.0")
+    implementation("org.springframework.boot:spring-boot-starter-validation:3.2.0")
+    implementation("org.springframework.boot:spring-boot-starter-data-redis:3.2.0")
     // JPA dependency
-    implementation("org.springframework.boot:spring-boot-starter-data-jpa:2.7.5")
-
-    // https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-ui
-    implementation("org.springdoc:springdoc-openapi-ui:1.6.11")
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa:3.2.0")
+    // No SQL drivers
+    // https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-mongodb
+    implementation("org.springframework.boot:spring-boot-starter-data-mongodb:3.2.0")
 
-    implementation("org.springframework.boot:spring-boot-starter-data-redis:3.0.6")
+    // https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-starter-webmvc-ui
+    implementation("org.springdoc:springdoc-openapi-starter-webmvc-api:2.3.0")
+    // https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-starter-webmvc-ui
+    implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0")
 
-    implementation("com.google.code.gson:gson:2.10")
+    implementation("com.google.code.gson:gson:2.10.1")
 
-    compileOnly("org.projectlombok:lombok:1.18.24")
+    compileOnly("org.projectlombok:lombok:1.18.30")
 
     // https://mvnrepository.com/artifact/org.jetbrains.kotlin/kotlin-reflect
-    runtimeOnly("org.jetbrains.kotlin:kotlin-reflect:1.8.20")
+    runtimeOnly("org.jetbrains.kotlin:kotlin-reflect:1.9.21")
 
     // Database drivers
     // https://mvnrepository.com/artifact/com.mysql/mysql-connector-j
-    implementation("com.mysql:mysql-connector-j:8.0.31")
+    implementation("com.mysql:mysql-connector-j:8.2.0")
     // https://mvnrepository.com/artifact/org.postgresql/postgresql
-    implementation("org.postgresql:postgresql:42.5.1")
-
-    // No SQL drivers
-    // https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-mongodb
-    implementation("org.springframework.boot:spring-boot-starter-data-mongodb:3.1.3")
+    implementation("org.postgresql:postgresql:42.7.1")
 
     // JWT token
     // https://mvnrepository.com/artifact/com.auth0/java-jwt
     implementation("com.auth0:java-jwt:4.4.0")
 
     // Test dependencies
-    testImplementation("org.springframework.boot:spring-boot-starter-test:3.0.6")
+    testImplementation("org.springframework.boot:spring-boot-starter-test:3.2.0")
     // Required to mock MultiQueue objects since they apparently override a final 'remove(Object)' method.
-    testImplementation("org.mockito:mockito-inline:5.1.0")
-    testImplementation("org.junit.jupiter:junit-jupiter-api:5.9.0")
-    testImplementation("org.testcontainers:testcontainers:1.19.2")
-    testImplementation("org.testcontainers:junit-jupiter:1.17.5")
+    testImplementation("org.mockito:mockito-inline:5.2.0")
+    testImplementation("org.junit.jupiter:junit-jupiter-api:5.10.1")
+    testImplementation("org.testcontainers:testcontainers:1.19.3")
+    testImplementation("org.testcontainers:junit-jupiter:1.19.3")
     testImplementation(kotlin("test"))
 }
 

src/main/kotlin/au/kilemon/messagequeue/MessageQueueApplication.kt

@@ -17,7 +17,7 @@ open class MessageQueueApplication
         /**
          * Application version number, make sure this matches what is defined in `build.gradle.kts`.
          */
-        const val VERSION: String = "0.3.0"
+        const val VERSION: String = "0.3.1"
     }
 }
 

src/main/kotlin/au/kilemon/messagequeue/authentication/AuthenticationMatrix.kt

@@ -1,8 +1,13 @@
 package au.kilemon.messagequeue.authentication
 
 import com.fasterxml.jackson.annotation.JsonIgnore
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.GeneratedValue
+import jakarta.persistence.GenerationType
+import jakarta.persistence.Id
+import jakarta.persistence.Table
 import java.io.Serializable
-import javax.persistence.*
 
 /**
  * An object that holds subqueue authentication information.

src/main/kotlin/au/kilemon/messagequeue/filter/CorrelationIdFilter.kt

@@ -1,15 +1,16 @@
 package au.kilemon.messagequeue.filter
 
 import au.kilemon.messagequeue.logging.HasLogger
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 import org.slf4j.Logger
 import org.slf4j.MDC
 import org.springframework.core.annotation.Order
 import org.springframework.stereotype.Component
 import org.springframework.web.filter.OncePerRequestFilter
 import java.util.*
-import javax.servlet.FilterChain
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
+
 
 /**
  * A request filter that either takes the incoming provided [CORRELATION_ID_HEADER] and sets it into the [MDC] OR

src/main/kotlin/au/kilemon/messagequeue/filter/JwtAuthenticationFilter.kt

@@ -8,6 +8,9 @@ import au.kilemon.messagequeue.authentication.token.JwtTokenProvider
 import au.kilemon.messagequeue.rest.controller.AuthController
 import au.kilemon.messagequeue.rest.controller.MessageQueueController
 import au.kilemon.messagequeue.rest.controller.SettingsController
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 import org.slf4j.Logger
 import org.slf4j.MDC
 import org.springframework.beans.factory.annotation.Autowired
@@ -18,9 +21,6 @@ import org.springframework.stereotype.Component
 import org.springframework.web.filter.OncePerRequestFilter
 import org.springframework.web.servlet.HandlerExceptionResolver
 import java.util.*
-import javax.servlet.FilterChain
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
 
 /**
  * A filter responsible for verifying provided Jwt tokens when sub-queues are being accessed.
@@ -38,6 +38,9 @@ class JwtAuthenticationFilter: OncePerRequestFilter(), HasLogger
 
         const val SUB_QUEUE = "Sub-Queue"
 
+        const val SWAGGER_DOC_ENDPOINT = "/swagger-ui"
+        const val SWAGGER_DOC_CONFIG_ENDPOINT = "/api-docs"
+
         /**
          * Gets the stored [SUB_QUEUE] from the [MDC].
          * This can be null if no valid token is provided.
@@ -134,7 +137,9 @@ class JwtAuthenticationFilter: OncePerRequestFilter(), HasLogger
             Pair(HttpMethod.GET, "${MessageQueueController.MESSAGE_QUEUE_BASE_PATH}${MessageQueueController.ENDPOINT_OWNERS}"),
             Pair(HttpMethod.GET, AuthController.AUTH_PATH),
             Pair(HttpMethod.POST, AuthController.AUTH_PATH),
-            Pair(HttpMethod.GET, SettingsController.SETTINGS_PATH)
+            Pair(HttpMethod.GET, SettingsController.SETTINGS_PATH),
+            Pair(HttpMethod.GET, SWAGGER_DOC_ENDPOINT),
+            Pair(HttpMethod.GET, SWAGGER_DOC_CONFIG_ENDPOINT)
         )
 
         return noTokenCheckEndpoints

src/main/kotlin/au/kilemon/messagequeue/message/QueueMessage.kt

@@ -2,10 +2,16 @@ package au.kilemon.messagequeue.message
 
 import com.fasterxml.jackson.annotation.JsonIgnore
 import io.swagger.v3.oas.annotations.media.Schema
+import jakarta.persistence.Column
+import jakarta.persistence.Entity
+import jakarta.persistence.GeneratedValue
+import jakarta.persistence.GenerationType
+import jakarta.persistence.Id
+import jakarta.persistence.Lob
+import jakarta.persistence.Table
 import org.springframework.util.SerializationUtils
 import java.io.Serializable
 import java.util.*
-import javax.persistence.*
 
 /**
  * A base [QueueMessage] object which will wrap any object that is placed into the `MultiQueue`.
@@ -36,7 +42,7 @@ class QueueMessage: Serializable
     var assignedTo: String? = null
 
     @Schema(description = "The message payload, this can be any type of complex or simple object that you wish.")
-    @Transient
+    @jakarta.persistence.Transient
     var payload: Any? = null
         set(value)
         {
@@ -56,7 +62,7 @@ class QueueMessage: Serializable
 
     @JsonIgnore
     @Lob
-    @Column
+    @Column(length = 50000)
     var payloadBytes: ByteArray? = SerializationUtils.serialize(payload)
 
     /**

src/main/kotlin/au/kilemon/messagequeue/rest/controller/MessageQueueController.kt

@@ -16,6 +16,7 @@ import io.swagger.v3.oas.annotations.media.Content
 import io.swagger.v3.oas.annotations.responses.ApiResponse
 import io.swagger.v3.oas.annotations.responses.ApiResponses
 import io.swagger.v3.oas.annotations.tags.Tag
+import jakarta.validation.Valid
 import org.slf4j.Logger
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.http.HttpStatus
@@ -25,7 +26,6 @@ import org.springframework.web.bind.annotation.*
 import org.springframework.web.server.ResponseStatusException
 import java.util.*
 import java.util.stream.Collectors
-import javax.validation.Valid
 import kotlin.collections.HashSet
 
 /**

src/main/kotlin/au/kilemon/messagequeue/rest/response/RestResponseExceptionHandler.kt

@@ -21,7 +21,7 @@ class RestResponseExceptionHandler: ResponseEntityExceptionHandler()
     @ExceptionHandler(ResponseStatusException::class)
     fun handleResponseStatusException(ex: ResponseStatusException): ResponseEntity<ErrorResponse>
     {
-        return ResponseEntity<ErrorResponse>(ErrorResponse(ex.reason), ex.status)
+        return ResponseEntity<ErrorResponse>(ErrorResponse(ex.reason), ex.statusCode)
     }
 
     @ExceptionHandler(MultiQueueAuthorisationException::class)

src/main/resources/logback.xml

@@ -2,8 +2,8 @@
 <configuration>
     <!-- Properties list for use below -->
     <property name="LOGS" value="./logs"/>
-    <property name="PATTERN" value="%d %p [%X{correlationId}] %C{1.} [%t] %m%n"/>
-    <property name="ARCHIVED_FILE_SUFFIX" value="-%d{yyyy-MM-dd}.%i"/>
+    <property name="PATTERN" value="%d %p [%t] [%X{correlationId}] %C{1} - %m%n"/>
+    <property name="ARCHIVED_FILE_SUFFIX" value="%d{yyyy-MM-dd}.%i"/>
 
     <!-- Console appender formatting -->
     <appender name="Console" class="ch.qos.logback.core.ConsoleAppender">
@@ -19,7 +19,7 @@
             <Pattern>${PATTERN}</Pattern>
         </encoder>
         <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
-            <fileNamePattern>${LOGS}/error${ARCHIVED_FILE_SUFFIX}.log</fileNamePattern>
+            <fileNamePattern>${LOGS}/error-${ARCHIVED_FILE_SUFFIX}.log</fileNamePattern>
             <maxFileSize>10MB</maxFileSize>
         </rollingPolicy>
     </appender>
@@ -31,7 +31,7 @@
             <Pattern>${PATTERN}</Pattern>
         </encoder>
         <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
-            <fileNamePattern>${LOGS}/message-queue${ARCHIVED_FILE_SUFFIX}.log</fileNamePattern>
+            <fileNamePattern>${LOGS}/message-queue-${ARCHIVED_FILE_SUFFIX}.log</fileNamePattern>
             <maxFileSize>10MB</maxFileSize>
         </rollingPolicy>
     </appender>

src/test/kotlin/au/kilemon/messagequeue/filter/JwtAuthenticationFilterTest.kt

@@ -7,6 +7,7 @@ import au.kilemon.messagequeue.configuration.QueueConfiguration
 import au.kilemon.messagequeue.logging.LoggingConfiguration
 import au.kilemon.messagequeue.queue.MultiQueueTest
 import au.kilemon.messagequeue.rest.controller.MessageQueueController
+import jakarta.servlet.http.HttpServletRequest
 import org.junit.jupiter.api.AfterEach
 import org.junit.jupiter.api.Assertions
 import org.junit.jupiter.api.BeforeEach
@@ -24,7 +25,6 @@ import org.springframework.test.context.junit.jupiter.SpringExtension
 import org.springframework.web.servlet.HandlerExceptionResolver
 import org.springframework.web.servlet.handler.HandlerExceptionResolverComposite
 import java.util.*
-import javax.servlet.http.HttpServletRequest
 
 /**
  * A test class for the [JwtAuthenticationFilter].