From c32de8563b5b0c26beca20f5e66a93bff97c1f1e Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Sun, 10 May 2026 11:46:20 +0000 Subject: [PATCH] FINERACT-2421: Update all non-major dependencies --- .github/workflows/build-core.yml | 8 +- .github/workflows/build-cucumber.yml | 4 +- .github/workflows/build-e2e-tests.yml | 6 +- .github/workflows/build-mariadb.yml | 6 +- .github/workflows/build-mysql.yml | 8 +- .github/workflows/build-postgresql.yml | 6 +- .github/workflows/build-progressive-loan.yml | 6 +- .github/workflows/build-quality-checks.yml | 8 +- .../regression-safety-db-changes.yml | 2 +- ...tegration-test-sequentially-postgresql.yml | 6 +- .../verify-api-backward-compatibility.yml | 2 +- .../workflows/verify-liquibase-ddl-safety.yml | 2 +- build.gradle | 30 +-- buildSrc/build.gradle | 2 +- .../org.apache.fineract.dependencies.gradle | 200 +++++++++--------- docker-compose-postgresql-kafka.yml | 2 +- fineract-e2e-tests-runner/build.gradle | 4 +- gradle/wrapper/gradle-wrapper.properties | 2 +- settings.gradle | 2 +- 19 files changed, 153 insertions(+), 153 deletions(-) diff --git a/.github/workflows/build-core.yml b/.github/workflows/build-core.yml index 1a5f435742e..a72f9578be9 100644 --- a/.github/workflows/build-core.yml +++ b/.github/workflows/build-core.yml @@ -29,7 +29,7 @@ jobs: distribution: 'zulu' - name: Cache Gradle dependencies - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ~/.gradle/caches @@ -67,7 +67,7 @@ jobs: tar --exclude='./fineract-workspace.tar' -cf fineract-workspace.tar . - name: Upload workspace - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: fineract-workspace-${{ github.run_id }} path: fineract-workspace.tar @@ -75,7 +75,7 @@ jobs: - name: Archive test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-build-core path: '**/build/reports/' @@ -84,7 +84,7 @@ jobs: - name: Archive server logs if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: server-logs-build-core path: '**/build/cargo/' diff --git a/.github/workflows/build-cucumber.yml b/.github/workflows/build-cucumber.yml index 6a83eb5425e..4b267d12420 100644 --- a/.github/workflows/build-cucumber.yml +++ b/.github/workflows/build-cucumber.yml @@ -41,7 +41,7 @@ jobs: - name: Archive test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-cucumber path: '**/build/reports/' @@ -50,7 +50,7 @@ jobs: - name: Archive server logs if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: server-logs-cucumber path: '**/build/cargo/' diff --git a/.github/workflows/build-e2e-tests.yml b/.github/workflows/build-e2e-tests.yml index c5e8a11faa4..db4e3fccb48 100644 --- a/.github/workflows/build-e2e-tests.yml +++ b/.github/workflows/build-e2e-tests.yml @@ -155,7 +155,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: allure-results-shard-${{ matrix.shard_index }} path: | @@ -168,7 +168,7 @@ jobs: - name: Upload Allure Report if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: allure-report-shard-${{ matrix.shard_index }} path: allure-report-shard-${{ matrix.shard_index }} @@ -176,7 +176,7 @@ jobs: - name: Upload logs if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: logs-shard-${{ matrix.shard_index }} path: | diff --git a/.github/workflows/build-mariadb.yml b/.github/workflows/build-mariadb.yml index bee6031c389..ac88df49741 100644 --- a/.github/workflows/build-mariadb.yml +++ b/.github/workflows/build-mariadb.yml @@ -26,7 +26,7 @@ jobs: options: --health-cmd="healthcheck.sh --su-mysql --connect --innodb_initialized" --health-interval=5s --health-timeout=2s --health-retries=3 mock-oauth2-server: - image: ghcr.io/navikt/mock-oauth2-server:3.0.1 + image: ghcr.io/navikt/mock-oauth2-server:3.0.3 ports: - 9000:9000 env: @@ -136,7 +136,7 @@ jobs: - name: Archive test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-${{ matrix.task }} path: '**/build/reports/' @@ -144,7 +144,7 @@ jobs: - name: Archive server logs if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: server-logs-${{ matrix.task }} path: '**/build/cargo/' diff --git a/.github/workflows/build-mysql.yml b/.github/workflows/build-mysql.yml index 654213fdb3a..7ff8418ff16 100644 --- a/.github/workflows/build-mysql.yml +++ b/.github/workflows/build-mysql.yml @@ -18,7 +18,7 @@ jobs: services: mysql: - image: mysql:9.1 + image: mysql:9.7 ports: - 3306:3306 env: @@ -26,7 +26,7 @@ jobs: options: --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3 mock-oauth2-server: - image: ghcr.io/navikt/mock-oauth2-server:3.0.1 + image: ghcr.io/navikt/mock-oauth2-server:3.0.3 ports: - 9000:9000 env: @@ -131,7 +131,7 @@ jobs: - name: Archive test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-${{ matrix.task }} path: '**/build/reports/' @@ -139,7 +139,7 @@ jobs: - name: Archive server logs if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: server-logs-${{ matrix.task }} path: '**/build/cargo/' diff --git a/.github/workflows/build-postgresql.yml b/.github/workflows/build-postgresql.yml index 4f842dea3c8..945d3e965e6 100644 --- a/.github/workflows/build-postgresql.yml +++ b/.github/workflows/build-postgresql.yml @@ -27,7 +27,7 @@ jobs: options: --health-cmd="pg_isready -q -d postgres -U root" --health-interval=5s --health-timeout=2s --health-retries=3 mock-oauth2-server: - image: ghcr.io/navikt/mock-oauth2-server:3.0.1 + image: ghcr.io/navikt/mock-oauth2-server:3.0.3 ports: - 9000:9000 env: @@ -132,7 +132,7 @@ jobs: - name: Archive test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-${{ matrix.task }} path: '**/build/reports/' @@ -140,7 +140,7 @@ jobs: - name: Archive server logs if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: server-logs-${{ matrix.task }} path: '**/build/cargo/' diff --git a/.github/workflows/build-progressive-loan.yml b/.github/workflows/build-progressive-loan.yml index caaa98130b1..e9f3e5dd8fe 100644 --- a/.github/workflows/build-progressive-loan.yml +++ b/.github/workflows/build-progressive-loan.yml @@ -57,7 +57,7 @@ jobs: - name: Archive test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-build-progressive-loan path: | @@ -68,7 +68,7 @@ jobs: - name: Archive Progressive Loan JAR if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: progressive-loan-jar path: ${{ env.EMBEDDABLE_JAR_FILE }} @@ -77,7 +77,7 @@ jobs: - name: Archive server logs if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: server-logs-build-progressive-loan path: '**/build/cargo/' diff --git a/.github/workflows/build-quality-checks.yml b/.github/workflows/build-quality-checks.yml index d9e627455ea..fb8f09a57f8 100644 --- a/.github/workflows/build-quality-checks.yml +++ b/.github/workflows/build-quality-checks.yml @@ -41,7 +41,7 @@ jobs: - name: Archive Javadoc reports if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: javadoc-reports-quality-checks path: '**/build/docs/javadoc/' @@ -82,7 +82,7 @@ jobs: - name: Archive Checkstyle reports if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: checkstyle-reports-quality-checks path: '**/build/reports/checkstyle/' @@ -123,7 +123,7 @@ jobs: - name: Archive RAT reports if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: rat-reports-quality-checks path: '**/build/reports/rat/' @@ -164,7 +164,7 @@ jobs: - name: Archive SpotBugs reports if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: spotbugs-reports-quality-checks path: '**/build/reports/spotbugs/' diff --git a/.github/workflows/regression-safety-db-changes.yml b/.github/workflows/regression-safety-db-changes.yml index 9445daa8313..a515ebe16c6 100644 --- a/.github/workflows/regression-safety-db-changes.yml +++ b/.github/workflows/regression-safety-db-changes.yml @@ -378,7 +378,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: regression-safety-results path: | diff --git a/.github/workflows/run-integration-test-sequentially-postgresql.yml b/.github/workflows/run-integration-test-sequentially-postgresql.yml index add9fe90562..cabca088e15 100644 --- a/.github/workflows/run-integration-test-sequentially-postgresql.yml +++ b/.github/workflows/run-integration-test-sequentially-postgresql.yml @@ -20,7 +20,7 @@ jobs: POSTGRES_PASSWORD: postgres options: --health-cmd="pg_isready -q -d postgres -U root" --health-interval=5s --health-timeout=2s --health-retries=3 mock-oauth2-server: - image: ghcr.io/navikt/mock-oauth2-server:3.0.1 + image: ghcr.io/navikt/mock-oauth2-server:3.0.3 ports: - 9000:9000 env: @@ -82,7 +82,7 @@ jobs: ./gradlew --no-daemon --console=plain :oauth2-tests:test -PdbType=postgresql -x buildJavaSdk - name: Archive test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results retention-days: 5 @@ -93,7 +93,7 @@ jobs: oauth2-tests/build/reports/ - name: Archive server logs if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: server-logs retention-days: 5 diff --git a/.github/workflows/verify-api-backward-compatibility.yml b/.github/workflows/verify-api-backward-compatibility.yml index 27b54c5fd34..ba186101077 100644 --- a/.github/workflows/verify-api-backward-compatibility.yml +++ b/.github/workflows/verify-api-backward-compatibility.yml @@ -233,7 +233,7 @@ jobs: - name: Archive breaking change report if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: api-compatibility-report path: fineract-provider/build/swagger-brake/ diff --git a/.github/workflows/verify-liquibase-ddl-safety.yml b/.github/workflows/verify-liquibase-ddl-safety.yml index d69b1ede173..5a5be74112f 100644 --- a/.github/workflows/verify-liquibase-ddl-safety.yml +++ b/.github/workflows/verify-liquibase-ddl-safety.yml @@ -111,7 +111,7 @@ jobs: - name: Archive report if: always() && steps.changes.outputs.has_changes == 'true' - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ddl-safety-report path: ${{ runner.temp }}/ddl-safety-report/ diff --git a/build.gradle b/build.gradle index 6be0057fcd8..97ce5d2b61f 100644 --- a/build.gradle +++ b/build.gradle @@ -110,29 +110,29 @@ buildscript { plugins { id 'me.qoomon.git-versioning' version '6.4.4' - id "org.barfuin.gradle.taskinfo" version "2.2.0" + id "org.barfuin.gradle.taskinfo" version "2.2.1" id 'com.adarshr.test-logger' version '4.0.0' id 'com.diffplug.spotless' version '6.25.0' apply false id 'org.nosphere.apache.rat' version '0.8.1' apply false id 'com.github.hierynomus.license' version '0.16.1' apply false id 'com.github.jk1.dependency-license-report' version '2.9' apply false - id 'org.zeroturnaround.gradle.jrebel' version '1.2.0' apply false - id 'org.springframework.boot' version '3.5.13' apply false - id 'net.ltgt.errorprone' version '4.1.0' apply false - id 'io.swagger.core.v3.swagger-gradle-plugin' version '2.2.23' apply false - id 'com.gorylenko.gradle-git-properties' version '2.4.2' apply false + id 'org.zeroturnaround.gradle.jrebel' version '1.2.2' apply false + id 'org.springframework.boot' version '3.5.14' apply false + id 'net.ltgt.errorprone' version '4.4.0' apply false + id 'io.swagger.core.v3.swagger-gradle-plugin' version '2.2.49' apply false + id 'com.gorylenko.gradle-git-properties' version '2.5.7' apply false id 'org.asciidoctor.jvm.convert' version '4.0.5' apply false id 'org.asciidoctor.jvm.pdf' version '4.0.5' apply false - id 'com.google.cloud.tools.jib' version '3.4.5' apply false - id 'org.sonarqube' version '6.0.1.5171' - id 'com.github.andygoossens.modernizer' version '1.10.0' apply false - id 'com.github.spotbugs' version '6.0.26' apply false - id 'se.thinkcode.cucumber-runner' version '0.0.11' apply false + id 'com.google.cloud.tools.jib' version '3.5.3' apply false + id 'org.sonarqube' version '6.3.1.5724' + id 'com.github.andygoossens.modernizer' version '1.13.0' apply false + id 'com.github.spotbugs' version '6.5.4' apply false + id 'se.thinkcode.cucumber-runner' version '0.0.14' apply false id "com.github.davidmc24.gradle.plugin.avro-base" version "1.9.1" apply false - id 'org.openapi.generator' version '7.8.0' apply false - id 'com.gradleup.shadow' version '9.3.2' apply false - id 'me.champeau.jmh' version '0.7.1' apply false - id 'org.cyclonedx.bom' version '3.1.0' apply false + id 'org.openapi.generator' version '7.22.0' apply false + id 'com.gradleup.shadow' version '9.4.1' apply false + id 'me.champeau.jmh' version '0.7.3' apply false + id 'org.cyclonedx.bom' version '3.2.4' apply false id 'com.docktape.swagger-brake' version '2.7.0' apply false } diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index de2e63c05c1..3d099538fd3 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -45,7 +45,7 @@ configurations.all { resolutionStrategy { dependencySubstitution { // Substitution is to resolve CVE-2025-12183 - substitute module('org.lz4:lz4-java') using module('at.yawk.lz4:lz4-java:1.10.1') + substitute module('org.lz4:lz4-java') using module('at.yawk.lz4:lz4-java:1.11.0') } } } diff --git a/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle b/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle index 8a9d1d811bc..8336a64251f 100644 --- a/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle +++ b/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle @@ -24,19 +24,19 @@ dependencyManagement { imports { mavenBom 'com.squareup.okhttp3:okhttp-bom:4.12.0' mavenBom 'org.slf4j:slf4j-bom:2.0.17' - mavenBom 'io.micrometer:micrometer-bom:1.13.6' - mavenBom 'org.springframework.boot:spring-boot-dependencies:3.5.13' - mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.2.1' - mavenBom 'io.opentelemetry:opentelemetry-bom:1.44.1' - mavenBom 'org.jetbrains.kotlin:kotlin-bom:2.0.21' - mavenBom 'org.junit:junit-bom:5.11.3' - mavenBom 'com.fasterxml.jackson:jackson-bom:2.19.2' - mavenBom 'io.cucumber:cucumber-bom:7.20.1' - mavenBom 'org.mockito:mockito-bom:5.14.2' - mavenBom 'software.amazon.awssdk:bom:2.29.9' - mavenBom 'io.github.resilience4j:resilience4j-bom:2.2.0' - mavenBom 'org.testcontainers:testcontainers-bom:1.20.4' - mavenBom 'org.glassfish.jersey:jersey-bom:3.1.10' + mavenBom 'io.micrometer:micrometer-bom:1.16.5' + mavenBom 'org.springframework.boot:spring-boot-dependencies:3.5.14' + mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.4.2' + mavenBom 'io.opentelemetry:opentelemetry-bom:1.62.0' + mavenBom 'org.jetbrains.kotlin:kotlin-bom:2.3.21' + mavenBom 'org.junit:junit-bom:5.14.4' + mavenBom 'com.fasterxml.jackson:jackson-bom:2.21.3' + mavenBom 'io.cucumber:cucumber-bom:7.34.3' + mavenBom 'org.mockito:mockito-bom:5.23.0' + mavenBom 'software.amazon.awssdk:bom:2.44.4' + mavenBom 'io.github.resilience4j:resilience4j-bom:2.4.0' + mavenBom 'org.testcontainers:testcontainers-bom:1.21.4' + mavenBom 'org.glassfish.jersey:jersey-bom:3.1.11' } dependencies { @@ -44,43 +44,43 @@ dependencyManagement { // We do not use :+ to get the latest available version available on Maven Central, as that could suddenly break things. // We use the Renovate Bot to automatically propose Pull Requests (PRs) when upgrades for all of these versions are available. - dependency 'ch.qos.logback:logback-core:1.5.19' - dependency 'ch.qos.logback:logback-classic:1.5.19' + dependency 'ch.qos.logback:logback-core:1.5.32' + dependency 'ch.qos.logback:logback-classic:1.5.32' dependency 'ch.qos.logback.contrib:logback-json-classic:0.1.5' dependency 'ch.qos.logback.contrib:logback-jackson:0.1.5' dependency 'org.codehaus.janino:janino:3.1.12' - dependency 'org.eclipse.persistence:org.eclipse.persistence.jpa:4.0.2' - dependency 'com.google.guava:guava:33.1.0-jre' - dependency 'com.google.code.gson:gson:2.11.0' - dependency 'com.google.googlejavaformat:google-java-format:1.24.0' - dependency 'org.apache.commons:commons-collections4:4.4' + dependency 'org.eclipse.persistence:org.eclipse.persistence.jpa:4.0.9' + dependency 'com.google.guava:guava:33.6.0-jre' + dependency 'com.google.code.gson:gson:2.14.0' + dependency 'com.google.googlejavaformat:google-java-format:1.35.0' + dependency 'org.apache.commons:commons-collections4:4.5.0' dependency 'org.apache.commons:commons-compress:1.28.0' - dependency ('software.amazon.msk:aws-msk-iam-auth:2.2.0') { + dependency ('software.amazon.msk:aws-msk-iam-auth:2.3.6') { exclude 'commons-logging:commons-logging:' } dependency ('org.apache.commons:commons-email:1.6.0') { exclude 'com.sun.mail:javax.mail' exclude 'javax.activation:activation' } - dependency 'commons-io:commons-io:2.18.0' - dependency 'com.github.librepdf:openpdf:3.0.0' + dependency 'commons-io:commons-io:2.22.0' + dependency 'com.github.librepdf:openpdf:3.0.4' dependency ('org.mnode.ical4j:ical4j:3.2.19') { exclude 'com.sun.mail:javax.mail' exclude 'org.codehaus.groovy:groovy' } - dependency 'org.apache.commons:commons-csv:1.12.0' - dependency 'org.quartz-scheduler:quartz:2.5.0' - dependency 'org.ehcache:ehcache:3.10.8' + dependency 'org.apache.commons:commons-csv:1.14.1' + dependency 'org.quartz-scheduler:quartz:2.5.2' + dependency 'org.ehcache:ehcache:3.12.0' dependency 'com.github.spullara.mustache.java:compiler:0.9.14' dependency 'com.jayway.jsonpath:json-path:3.0.0' - dependency ('org.apache.tika:tika-core:3.2.3') { + dependency ('org.apache.tika:tika-core:3.3.0') { exclude 'commons-logging:commons-logging' } - dependency ('org.apache.tika:tika-core:3.2.3') { + dependency ('org.apache.tika:tika-core:3.3.0') { exclude 'commons-logging:commons-logging' } - dependency ('org.apache.tika:tika-parser-miscoffice-module:3.2.3') { + dependency ('org.apache.tika:tika-parser-miscoffice-module:3.3.0') { exclude 'org.bouncycastle:bcprov-jdk15on' exclude 'org.bouncycastle:bcjmail-jdk15on' exclude 'org.bouncycastle:bcprov-jdk18on' @@ -97,7 +97,7 @@ dependencyManagement { exclude 'org.apache.commons:commons-compress' exclude 'xml-apis:xml-apis' } - dependency ('org.apache.tika:tika-parser-microsoft-module:3.2.3') { + dependency ('org.apache.tika:tika-parser-microsoft-module:3.3.0') { exclude 'org.bouncycastle:bcprov-jdk15on' exclude 'org.bouncycastle:bcjmail-jdk15on' exclude 'org.bouncycastle:bcprov-jdk18on' @@ -114,7 +114,7 @@ dependencyManagement { exclude 'org.apache.commons:commons-compress' exclude 'xml-apis:xml-apis' } - dependency ('org.apache.tika:tika-parser-image-module:3.2.3') { + dependency ('org.apache.tika:tika-parser-image-module:3.3.0') { exclude 'org.bouncycastle:bcprov-jdk15on' exclude 'org.bouncycastle:bcjmail-jdk15on' exclude 'org.bouncycastle:bcprov-jdk18on' @@ -138,86 +138,86 @@ dependencyManagement { dependency 'jakarta.jms:jakarta.jms-api:3.1.0' dependency 'jakarta.ws.rs:jakarta.ws.rs-api:3.1.0' dependency 'org.glassfish.jaxb:jaxb-runtime:2.3.6' // Swagger needs exactly this version - dependency 'joda-time:joda-time:2.13.1' + dependency 'joda-time:joda-time:2.14.2' - dependency 'io.github.classgraph:classgraph:4.8.179' - dependency 'org.awaitility:awaitility:4.2.2' - dependency 'com.github.spotbugs:spotbugs-annotations:4.8.6' + dependency 'io.github.classgraph:classgraph:4.8.184' + dependency 'org.awaitility:awaitility:4.3.0' + dependency 'com.github.spotbugs:spotbugs-annotations:4.9.8' dependency 'javax.cache:cache-api:1.1.1' dependency 'org.mock-server:mockserver-junit-jupiter:5.15.0' dependency 'org.webjars:webjars-locator-core:0.59' dependency 'com.icegreen:greenmail-junit5:2.0.1' // fineract client dependencies - dependency "com.squareup.retrofit2:retrofit:2.11.0" - dependency "com.squareup.retrofit2:retrofit-mock:2.11.0" - dependency "com.squareup.retrofit2:adapter-java8:2.11.0" - dependency "com.squareup.retrofit2:adapter-rxjava2:2.11.0" - dependency "com.squareup.retrofit2:adapter-rxjava3:2.11.0" - dependency "com.squareup.retrofit2:adapter-guava:2.11.0" - dependency "com.squareup.retrofit2:converter-wire:2.11.0" - dependency "com.squareup.retrofit2:converter-jackson:2.11.0" - dependency "com.squareup.retrofit2:converter-simplexml:2.11.0" - dependency "com.squareup.retrofit2:converter-jaxb:2.11.0" - dependency "com.squareup.retrofit2:converter-java8:2.11.0" - dependency "com.squareup.retrofit2:converter-scalars:2.11.0" - dependency "com.squareup.retrofit2:converter-gson:2.11.0" - dependency "com.squareup.retrofit2:converter-protobuf:2.11.0" + dependency "com.squareup.retrofit2:retrofit:2.12.0" + dependency "com.squareup.retrofit2:retrofit-mock:2.12.0" + dependency "com.squareup.retrofit2:adapter-java8:2.12.0" + dependency "com.squareup.retrofit2:adapter-rxjava2:2.12.0" + dependency "com.squareup.retrofit2:adapter-rxjava3:2.12.0" + dependency "com.squareup.retrofit2:adapter-guava:2.12.0" + dependency "com.squareup.retrofit2:converter-wire:2.12.0" + dependency "com.squareup.retrofit2:converter-jackson:2.12.0" + dependency "com.squareup.retrofit2:converter-simplexml:2.12.0" + dependency "com.squareup.retrofit2:converter-jaxb:2.12.0" + dependency "com.squareup.retrofit2:converter-java8:2.12.0" + dependency "com.squareup.retrofit2:converter-scalars:2.12.0" + dependency "com.squareup.retrofit2:converter-gson:2.12.0" + dependency "com.squareup.retrofit2:converter-protobuf:2.12.0" dependency 'io.reactivex.rxjava2:rxjava:2.2.21' dependency "io.gsonfire:gson-fire:1.9.0" dependency "com.google.code.findbugs:jsr305:3.0.2" - dependency "commons-codec:commons-codec:1.17.1" - dependency "org.projectlombok:lombok:1.18.36" + dependency "commons-codec:commons-codec:1.22.0" + dependency "org.projectlombok:lombok:1.18.46" - dependency 'org.bouncycastle:bcpkix-jdk18on:1.81' - dependency 'org.bouncycastle:bcprov-jdk18on:1.81' - dependency 'org.bouncycastle:bcutil-jdk18on:1.81' - dependency 'org.bouncycastle:bcpg-jdk18on:1.81' + dependency 'org.bouncycastle:bcpkix-jdk18on:1.84' + dependency 'org.bouncycastle:bcprov-jdk18on:1.84' + dependency 'org.bouncycastle:bcutil-jdk18on:1.84' + dependency 'org.bouncycastle:bcpg-jdk18on:1.84' - dependency 'org.eclipse.jgit:org.eclipse.jgit:7.2.1.202505142326-r' - dependency 'org.eclipse.jgit:org.eclipse.jgit.gpg.bc:7.2.1.202505142326-r' - dependency 'org.eclipse.jgit:org.eclipse.jgit.ssh.apache:7.2.1.202505142326-r' + dependency 'org.eclipse.jgit:org.eclipse.jgit:7.6.0.202603022253-r' + dependency 'org.eclipse.jgit:org.eclipse.jgit.gpg.bc:7.6.0.202603022253-r' + dependency 'org.eclipse.jgit:org.eclipse.jgit.ssh.apache:7.6.0.202603022253-r' - dependency ('com.tmatesoft.svnkit:svnkit:1.10.12') + dependency ('com.tmatesoft.svnkit:svnkit:1.10.13') dependency 'com.vdurmont:semver4j:3.1.0' dependency 'org.beryx:text-io:3.4.1' - dependency ('org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0') { + dependency ('org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.17') { exclude 'io.swagger.core.v3:swagger-core' } - dependency 'com.google.cloud.sql:mysql-socket-factory-connector-j-8:1.23.1' + dependency 'com.google.cloud.sql:mysql-socket-factory-connector-j-8:1.28.3' - dependency ('org.apache.activemq:activemq-client:6.2.4') { + dependency ('org.apache.activemq:activemq-client:6.2.5') { exclude 'javax.annotation:javax.annotation-api' } - dependency 'io.swagger.core.v3:swagger-annotations-jakarta:2.2.22' - dependency ('io.swagger.core.v3:swagger-jaxrs2-jakarta:2.2.22') { + dependency 'io.swagger.core.v3:swagger-annotations-jakarta:2.2.49' + dependency ('io.swagger.core.v3:swagger-jaxrs2-jakarta:2.2.49') { exclude 'jakarta.activation:jakarta.activation-api' } - dependency ('io.swagger.core.v3:swagger-core-jakarta:2.2.22') { + dependency ('io.swagger.core.v3:swagger-core-jakarta:2.2.49') { exclude 'jakarta.activation:jakarta.activation-api' } dependency 'jakarta.annotation:jakarta.annotation-api:3.0.0' - dependency 'jakarta.activation:jakarta.activation-api:2.1.3' + dependency 'jakarta.activation:jakarta.activation-api:2.1.4' dependency ('com.sun.mail:jakarta.mail:2.0.2') { // Spring needs this version exclude 'com.sun.activation:jakarta.activation' } - dependency ('jakarta.xml.bind:jakarta.xml.bind-api:4.0.2') { + dependency ('jakarta.xml.bind:jakarta.xml.bind-api:4.0.5') { exclude 'jakarta.activation:jakarta.activation-api' } dependency 'jakarta.validation:jakarta.validation-api:3.1.1' - dependency 'org.hibernate.validator:hibernate-validator:9.0.1.Final' + dependency 'org.hibernate.validator:hibernate-validator:9.1.0.Final' dependency ('org.liquibase:liquibase-core:4.33.0') { exclude 'javax.xml.bind:jaxb-api' } dependency 'org.liquibase.ext:liquibase-postgresql:4.33.0' - dependency ('org.dom4j:dom4j:2.1.4') { + dependency ('org.dom4j:dom4j:2.2.0') { exclude 'relaxngDatatype:relaxngDatatype' // already in com.sun.xml.bind:jaxb-osgi:2.3.0.1 // FINERACT-940 && FINERACT-966 https://github.com/spotbugs/spotbugs/issues/1128 exclude 'xpp3:xpp3' @@ -225,34 +225,34 @@ dependencyManagement { } dependency 'org.owasp.esapi:esapi:2.7.0.0' - dependency 'org.awaitility:awaitility:4.2.2' + dependency 'org.awaitility:awaitility:4.3.0' - dependencySet(group: 'org.apache.poi', version: '5.4.1') { + dependencySet(group: 'org.apache.poi', version: '5.5.1') { entry 'poi' entry 'poi-ooxml' entry 'poi-ooxml-schemas' } - dependencySet(group: 'io.rest-assured', version: '5.5.1') { + dependencySet(group: 'io.rest-assured', version: '5.5.7') { entry 'rest-assured' entry 'json-path' entry 'xml-path' } - dependency 'org.apache.groovy:groovy-xml:5.0.2' - dependency 'org.apache.groovy:groovy-json:5.0.2' + dependency 'org.apache.groovy:groovy-xml:5.0.6' + dependency 'org.apache.groovy:groovy-json:5.0.6' dependency 'org.mapstruct:mapstruct:1.6.3' dependency 'org.mapstruct:mapstruct-processor:1.6.3' - dependency "org.apache.avro:avro:1.12.0" + dependency "org.apache.avro:avro:1.12.1" - dependency ('org.mariadb.jdbc:mariadb-java-client:3.5.7') { + dependency ('org.mariadb.jdbc:mariadb-java-client:3.5.8') { exclude 'org.slf4j:jcl-over-slf4j' exclude 'org.slf4j:slf4j-api' } - dependency 'org.postgresql:postgresql:42.7.9' + dependency 'org.postgresql:postgresql:42.7.11' - dependency 'com.mysql:mysql-connector-j:9.3.0' + dependency 'com.mysql:mysql-connector-j:9.7.0' dependency 'org.assertj:assertj-core:3.27.7' @@ -261,24 +261,24 @@ dependencyManagement { dependency 'org.mockito:mockito-inline:5.2.0' - dependency 'org.wiremock:wiremock-standalone:3.13.0' - dependency 'org.apache.sshd:sshd-common:2.15.0' - dependency 'org.apache.sshd:sshd-core:2.15.0' + dependency 'org.wiremock:wiremock-standalone:3.13.2' + dependency 'org.apache.sshd:sshd-common:2.17.1' + dependency 'org.apache.sshd:sshd-core:2.17.1' - dependency 'io.cucumber:cucumber-java:7.20.1' - dependency 'io.cucumber:cucumber-java8:7.20.1' - dependency 'io.cucumber:cucumber-junit-platform-engine:7.20.1' - dependency 'io.cucumber:cucumber-spring:7.20.1' + dependency 'io.cucumber:cucumber-java:7.34.3' + dependency 'io.cucumber:cucumber-java8:7.34.3' + dependency 'io.cucumber:cucumber-junit-platform-engine:7.34.3' + dependency 'io.cucumber:cucumber-spring:7.34.3' dependency 'org.reflections:reflections:0.10.2' dependency 'org.openjdk.jmh:jmh-core:1.37' dependency 'org.openjdk.jmh:jmh-generator-annprocess:1.37' - dependency 'org.springframework.restdocs:spring-restdocs-asciidoctor:3.0.3' - dependency 'org.springframework.restdocs:spring-restdocs-mockmvc:3.0.3' - dependency 'org.springframework.restdocs:spring-restdocs-webtestclient:3.0.3' - dependency 'org.springframework.restdocs:spring-restdocs-restassured:3.0.3' + dependency 'org.springframework.restdocs:spring-restdocs-asciidoctor:3.0.5' + dependency 'org.springframework.restdocs:spring-restdocs-mockmvc:3.0.5' + dependency 'org.springframework.restdocs:spring-restdocs-webtestclient:3.0.5' + dependency 'org.springframework.restdocs:spring-restdocs-restassured:3.0.5' dependency 'com.lmax:disruptor:4.0.0' @@ -289,22 +289,22 @@ dependencyManagement { } dependency 'com.ibm.icu:icu4j:78.3' - dependency 'org.yakworks:spring-icu4j:0.4.2' - dependency 'org.apache.commons:commons-lang3:3.18.0' - dependency 'com.nimbusds:nimbus-jose-jwt:10.0.2' + dependency 'org.yakworks:spring-icu4j:0.5.2' + dependency 'org.apache.commons:commons-lang3:3.20.0' + dependency 'com.nimbusds:nimbus-jose-jwt:10.9' // Force Spring Framework version: CVE-2025-41249 (now managed by Spring Boot 3.5.13 BOM at 6.2.17) - dependency 'org.springframework:spring-core:6.2.17' + dependency 'org.springframework:spring-core:6.2.18' // Force Spring Security version: CVE-2025-41248, CVE-2026-22732 - dependency 'org.springframework.security:spring-security-core:6.5.9' + dependency 'org.springframework.security:spring-security-core:6.5.10' // Force netty-codec version: CVE-2025-67735, CVE-2026-33870, CVE-2026-33871 - dependency 'io.netty:netty-codec:4.1.132.Final' - dependency 'io.netty:netty-codec-http:4.1.132.Final' - dependency 'io.netty:netty-codec-http2:4.1.132.Final' + dependency 'io.netty:netty-codec:4.2.13.Final' + dependency 'io.netty:netty-codec-http:4.2.13.Final' + dependency 'io.netty:netty-codec-http2:4.2.13.Final' // Force lz4-java version: CVE-2025-12183 - dependency 'at.yawk.lz4:lz4-java:1.10.1' + dependency 'at.yawk.lz4:lz4-java:1.11.0' // Force Thymeleaf version: CVE-2026-40477, CVE-2026-40478 (Spring Boot 3.5.13 still ships 3.1.3) - dependency 'org.thymeleaf:thymeleaf:3.1.4.RELEASE' - dependency 'org.thymeleaf:thymeleaf-spring6:3.1.4.RELEASE' + dependency 'org.thymeleaf:thymeleaf:3.1.5.RELEASE' + dependency 'org.thymeleaf:thymeleaf-spring6:3.1.5.RELEASE' // Force tomcat-embed-core version: CVE-2025-24813, CVE-2025-66614, CVE-2026-29145, CVE-2026-24734, CVE-2026-34483, CVE-2026-34487 dependency 'org.apache.tomcat.embed:tomcat-embed-core:10.1.54' dependency 'org.apache.tomcat.embed:tomcat-embed-el:10.1.54' diff --git a/docker-compose-postgresql-kafka.yml b/docker-compose-postgresql-kafka.yml index 3a9bbb72a4c..45a9401cac2 100644 --- a/docker-compose-postgresql-kafka.yml +++ b/docker-compose-postgresql-kafka.yml @@ -20,7 +20,7 @@ version: "3.7" services: kafka: - image: "apache/kafka:4.1.1-rc2" + image: "apache/kafka:4.2.0-rc2" ports: - "9092:9092" env_file: diff --git a/fineract-e2e-tests-runner/build.gradle b/fineract-e2e-tests-runner/build.gradle index efa762c44e2..0793bc2e8c5 100644 --- a/fineract-e2e-tests-runner/build.gradle +++ b/fineract-e2e-tests-runner/build.gradle @@ -18,8 +18,8 @@ */ plugins { - id 'se.thinkcode.cucumber-runner' version '0.0.11' - id 'io.qameta.allure' version '3.0.2' + id 'se.thinkcode.cucumber-runner' version '0.0.14' + id 'io.qameta.allure' version '3.2.0' } apply plugin: 'java' diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index d4081da476b..4f5eb9dcc0e 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.5-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME diff --git a/settings.gradle b/settings.gradle index cd1caeb12cd..cc45f2797ae 100644 --- a/settings.gradle +++ b/settings.gradle @@ -19,7 +19,7 @@ plugins { id 'com.gradle.develocity' version '3.18.2' - id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.0.2' + id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.6.0' } def isCI = System.getenv('JENKINS_URL') != null