chore(deps): fixed dependency updates (#127)

* chore(deps): update all non-major dependencies * chore(deps): updated chart dependencies * chore: fixed formatting complaints * chore(trivy): added fastxml vuln and removed some ignored ones * chore: rm unused deps and fixed Dockerfile builds * ci: bumped scorecard action --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
miracum · Jun 25, 2023 · 386ad7f · 386ad7f
1 parent 560baf0
commit 386ad7f
Show file tree

Hide file tree

Showing 17 changed files with 67 additions and 75 deletions.
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
+        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
         with:
           results_file: results.sarif
           results_format: sarif

diff --git a/.trivyignore b/.trivyignore
@@ -1,12 +1,11 @@
-CVE-2022-1471
-CVE-2022-25857
-CVE-2022-46175
-CVE-2022-23491
 CVE-2016-1000027
+CVE-2022-46175
+
+# not affected by snakeyaml
+CVE-2022-1471
 
-# only present in hapi fhir r5 which is transitively included by camel but unused
-CVE-2023-24057
-CVE-2023-28465
+# fast-xml-parser, not relevant since we aren't working with or exposing XML
+CVE-2023-34104
 
 # Image user should not be 'root'
 # this is only used by the cypress image

diff --git a/charts/recruit/Chart.lock b/charts/recruit/Chart.lock
@@ -7,12 +7,12 @@ dependencies:
   version: 5.2.3
 - name: ohdsi
   repository: oci://ghcr.io/chgl/charts
-  version: 0.21.4
+  version: 0.21.5
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 12.5.6
 - name: fhir-pseudonymizer
   repository: oci://ghcr.io/miracum/charts
-  version: 0.4.2
-digest: sha256:c0a958c4084656506f0214b26b5517c6103105f6342d491500314c0e73077ed3
-generated: "2023-06-04T20:46:38.882465413+02:00"
+  version: 0.4.3
+digest: sha256:be0c1ee70c87cd1878f2f9b68bc94de38df65aa64c7eb3cd2d3a0c0b778b16da
+generated: "2023-06-25T12:32:07.507634977Z"
diff --git a/charts/recruit/Chart.yaml b/charts/recruit/Chart.yaml
@@ -30,14 +30,14 @@ dependencies:
   - condition: ohdsi.enabled
     name: ohdsi
     repository: oci://ghcr.io/chgl/charts
-    version: 0.21.4
+    version: 0.21.5
   - name: postgresql
     version: 12.5.6
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
   - condition: fhir-pseudonymizer.enabled
     name: fhir-pseudonymizer
-    version: 0.4.2
+    version: 0.4.3
     repository: oci://ghcr.io/miracum/charts
 # x-release-please-start-version
 version: 10.1.2

diff --git a/charts/recruit/values.yaml b/charts/recruit/values.yaml
@@ -32,7 +32,7 @@ waitForPostgresInitContainer:
   image: # +doc-gen:ignore
     registry: docker.io
     repository: bitnami/postgresql
-    tag: 15.1.0-debian-11-r0@sha256:27915588d5203a10a1c23624d9c81644437f33b7c224e25f79bcd9bd09bbb8e2
+    tag: 15.3.0-debian-11-r7@sha256:cc301eef743685f4f69d1d719853988e8a9650c90fd9521f4742ce400b3fdf6a
     pullPolicy: IfNotPresent
 
 # container security context applied to init containers used by the query, list, and notify modules.
@@ -669,7 +669,7 @@ curl: # +doc-gen:ignore
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.00.1@sha256:9e886c104cae1072f7874c9c214f77c6758f2e8a477234e32eda5fcbfa41f225
+    tag: 8.1.2@sha256:fcf8b68aa7af25898d21b47096ceb05678665ae182052283bd0d7128149db55f
 
 broadseaAtlasdb:
   # -- whether to deploy the OHDSI Broadsea Atlasdb (<https://github.com/OHDSI/Broadsea-Atlasdb>)

diff --git a/src/Dockerfile b/src/Dockerfile
@@ -1,10 +1,9 @@
-FROM docker.io/library/gradle:8.1.1@sha256:7fcf85eecab73a3889738cdd5bce8794083ceb3af977adff8ad62723886e0023 AS build
+FROM docker.io/library/gradle:8.1.1-jdk17@sha256:e7a4bc8f4ee27feae2eac4de61ca64406b7137e6f6b107052accd24bf0806043 AS build
 WORKDIR /home/gradle/src
-ENV GRADLE_USER_HOME /gradle \
-    TZ="UTC"
+ENV GRADLE_USER_HOME="/gradle"
 
-ARG OPENTELEMETRY_JAVA_AGENT_VERSION=1.25.1
-RUN wget --quiet https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${OPENTELEMETRY_JAVA_AGENT_VERSION}/opentelemetry-javaagent.jar
+ARG OPENTELEMETRY_JAVA_AGENT_VERSION=1.27.0
+RUN wget --quiet "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${OPENTELEMETRY_JAVA_AGENT_VERSION}/opentelemetry-javaagent.jar"
 
 COPY settings.gradle ./
 COPY config/ config/
@@ -17,12 +16,12 @@ RUN gradle clean build --no-daemon || true
 
 COPY --chown=gradle:gradle . .
 
-RUN gradle :${MODULE_NAME}:build -x test --info && \
-    java -Djarmode=layertools -jar ${MODULE_NAME}/build/libs/*.jar extract --destination ${MODULE_NAME}/
+RUN gradle ":${MODULE_NAME}:build" -x test --info && \
+    java -Djarmode=layertools -jar ${MODULE_NAME}/build/libs/*.jar extract --destination "${MODULE_NAME}/"
 
 FROM build AS test
-ARG MODULE_NAME=query
-RUN gradle :${MODULE_NAME}:test && \
+ENV TZ="UTC"
+RUN gradle ":${MODULE_NAME}:test" && \
     gradle jacocoTestReport
 
 FROM gcr.io/distroless/java17-debian11:nonroot@sha256:61463fa9d1bb9994de4e50e71f3e487d0e61f1676e26306388a743ff96311777
@@ -37,5 +36,5 @@ COPY --from=build /home/gradle/src/${MODULE_NAME}/application/ .
 
 USER 65532:65532
 EXPOSE 8080/tcp 8081/tcp
-ENV SPRING_PROFILES_ACTIVE=prod
+ENV SPRING_PROFILES_ACTIVE="prod"
 ENTRYPOINT ["java", "org.springframework.boot.loader.JarLauncher"]
diff --git a/src/buildSrc/build.gradle b/src/buildSrc/build.gradle
@@ -15,10 +15,10 @@ repositories {
 }
 
 dependencies {
-    implementation 'org.springframework.boot:spring-boot-gradle-plugin:3.0.6'
+    implementation 'org.springframework.boot:spring-boot-gradle-plugin:3.1.1'
     implementation 'io.spring.gradle:dependency-management-plugin:1.1.0'
-    implementation 'com.google.cloud.tools:jib-gradle-plugin:3.3.1'
-    implementation 'com.diffplug.spotless:spotless-plugin-gradle:6.18.0'
+    implementation 'com.google.cloud.tools:jib-gradle-plugin:3.3.2'
+    implementation 'com.diffplug.spotless:spotless-plugin-gradle:6.19.0'
     implementation 'io.freefair.gradle:lombok-plugin:6.6.3'
     implementation 'de.undercouch:gradle-download-task:5.4.0'
 }
diff --git a/src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle b/src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle
@@ -37,19 +37,19 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-jdbc'
     implementation 'org.springframework.boot:spring-boot-starter-data-jdbc'
 
-    implementation 'ca.uhn.hapi.fhir:hapi-fhir-base:6.4.4'
-    implementation 'ca.uhn.hapi.fhir:hapi-fhir-client:6.4.4'
-    implementation 'ca.uhn.hapi.fhir:hapi-fhir-structures-r4:6.4.4'
-    implementation 'ca.uhn.hapi.fhir:hapi-fhir-client-okhttp:6.4.4'
+    implementation 'ca.uhn.hapi.fhir:hapi-fhir-base:6.6.1'
+    implementation 'ca.uhn.hapi.fhir:hapi-fhir-client:6.6.1'
+    implementation 'ca.uhn.hapi.fhir:hapi-fhir-structures-r4:6.6.1'
+    implementation 'ca.uhn.hapi.fhir:hapi-fhir-client-okhttp:6.6.1'
 
-    implementation 'com.squareup.okhttp3:okhttp:4.10.0'
+    implementation 'com.squareup.okhttp3:okhttp:4.11.0'
 
-    implementation 'net.logstash.logback:logstash-logback-encoder:7.3'
+    implementation 'net.logstash.logback:logstash-logback-encoder:7.4'
 
     implementation 'org.postgresql:postgresql:42.6.0'
 
-    implementation 'io.micrometer:micrometer-registry-prometheus:1.10.5'
-    implementation 'io.micrometer:micrometer-core:1.10.5'
+    implementation 'io.micrometer:micrometer-registry-prometheus:1.11.1'
+    implementation 'io.micrometer:micrometer-core:1.11.1'
 
     constraints {
         implementation('org.apache.commons:commons-text:1.10.0')
@@ -89,7 +89,7 @@ bootJar {
 }
 
 jacoco {
-    toolVersion '0.8.9'
+    toolVersion '0.8.10'
 }
 
 jacocoTestReport {
@@ -105,7 +105,7 @@ spotless {
 }
 
 checkstyle {
-    toolVersion '10.9.3'
+    toolVersion '10.12.0'
     configFile = file('../config/checkstyle/checkstyle.xml')
 }
 

diff --git a/src/buildSrc/src/main/groovy/org.miracum.recruit.java-common-conventions.gradle b/src/buildSrc/src/main/groovy/org.miracum.recruit.java-common-conventions.gradle
@@ -24,7 +24,7 @@ testing {
         // Configure the built-in test suite
         test {
             // Use JUnit Jupiter test framework
-            useJUnitJupiter('5.8.2')
+            useJUnitJupiter()
         }
     }
 }
diff --git a/src/gradle/wrapper/gradle-wrapper.properties b/src/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.0.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
 networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/src/notify/build.gradle b/src/notify/build.gradle
@@ -11,13 +11,10 @@ plugins {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-mail'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
-    implementation 'org.springframework.boot:spring-boot-starter-aop'
     implementation 'org.springframework.boot:spring-boot-starter-quartz'
 
     implementation 'org.springframework.retry:spring-retry:1.3.4'
 
     // https://mvnrepository.com/artifact/jakarta.mail/jakarta.mail-api
-    implementation 'jakarta.mail:jakarta.mail-api:2.1.1'
-
-    testImplementation 'ognl:ognl:3.3.4'
+    implementation 'jakarta.mail:jakarta.mail-api:2.1.2'
 }
diff --git a/src/query/build.gradle b/src/query/build.gradle
@@ -12,23 +12,23 @@ plugins {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-webflux'
 
-    implementation 'org.apache.camel:camel-sql:4.0.0-M2'
-    implementation 'org.apache.camel:camel-jackson:4.0.0-M2'
-    implementation 'org.apache.camel:camel-jsonpath:4.0.0-M2'
-    implementation 'org.apache.camel:camel-fhir:4.0.0-M2'
-    implementation 'org.apache.camel:camel-http:4.0.0-M2'
-    implementation 'org.apache.camel:camel-cron:4.0.0-M2'
+    implementation 'org.apache.camel:camel-sql:4.0.0-M3'
+    implementation 'org.apache.camel:camel-jackson:4.0.0-M3'
+    implementation 'org.apache.camel:camel-jsonpath:4.0.0-M3'
+    implementation 'org.apache.camel:camel-fhir:4.0.0-M3'
+    implementation 'org.apache.camel:camel-http:4.0.0-M3'
+    implementation 'org.apache.camel:camel-cron:4.0.0-M3'
 
-    implementation 'org.apache.camel.springboot:camel-rest-starter:4.0.0-M2'
-    implementation 'org.apache.camel.springboot:camel-servlet-starter:4.0.0-M2'
-    implementation 'org.apache.camel.springboot:camel-spring-boot-starter:4.0.0-M2'
-    implementation 'org.apache.camel.springboot:camel-micrometer-starter:4.0.0-M2'
+    implementation 'org.apache.camel.springboot:camel-rest-starter:4.0.0-M3'
+    implementation 'org.apache.camel.springboot:camel-servlet-starter:4.0.0-M3'
+    implementation 'org.apache.camel.springboot:camel-spring-boot-starter:4.0.0-M3'
+    implementation 'org.apache.camel.springboot:camel-micrometer-starter:4.0.0-M3'
 
-    implementation 'com.fasterxml.jackson.core:jackson-annotations:2.14.2'
+    implementation 'com.fasterxml.jackson.core:jackson-annotations:2.15.2'
 
-    implementation 'net.minidev:json-smart:2.4.10'
+    implementation 'net.minidev:json-smart:2.4.11'
 
-    implementation 'com.github.slugify:slugify:3.0.2'
+    implementation 'com.github.slugify:slugify:3.0.5'
 
     testImplementation 'com.approvaltests:approvaltests:18.6.0'
     testImplementation 'com.google.code.gson:gson:2.10.1'

diff --git a/src/query/src/main/java/org/miracum/recruit/query/routes/OmopRoute.java b/src/query/src/main/java/org/miracum/recruit/query/routes/OmopRoute.java
@@ -25,6 +25,7 @@ public class OmopRoute extends RouteBuilder {
   private static final Logger logger = LoggerFactory.getLogger(OmopRoute.class);
   private final VisitOccurrenceRepository visitOccurrenceRepository;
   private final VisitDetailRepository visitDetailRepository;
+
   // catch SQL params from application.yml
   @Value("${query.excludePatientParameters.demographics}")
   private boolean excludePatientParams;

diff --git a/...rc/test/java/org/miracum/recruit/query/FhirCohortTransactionBuilderFhirSnapshotTests.java b/...rc/test/java/org/miracum/recruit/query/FhirCohortTransactionBuilderFhirSnapshotTests.java
@@ -27,7 +27,7 @@ public class FhirCohortTransactionBuilderFhirSnapshotTests {
 
   private final CohortDefinition testCohort;
 
-  private final String FHIR_DATETIME_REGEX =
+  private static final String FHIR_DATETIME_REGEX =
       "([0-9]([0-9]([0-9][1-9]|[1-9]0)|[1-9]00)|[1-9]000)(-(0[1-9]|1[0-2])(-(0[1-9]|[1-2][0-9]|3[0-1])(T([01][0-9]|2[0-3]):[0-5][0-9]:([0-5][0-9]|60)(\\.[0-9]{1,9})?)?)?(Z|(\\+|-)((0[0-9]|1[0-3]):[0-5][0-9]|14:00)?)?)?";
 
   @Autowired

diff --git a/src/query/tests/e2e/requirements.in b/src/query/tests/e2e/requirements.in
@@ -1,3 +1,3 @@
 fhirclient==4.1.0
-pytest==7.2.2
+pytest==7.4.0
 retrying==1.3.4
diff --git a/src/query/tests/e2e/requirements.txt b/src/query/tests/e2e/requirements.txt
@@ -4,10 +4,6 @@
 #
 #    pip-compile --generate-hashes requirements.in
 #
-attrs==23.1.0 \
-    --hash=sha256:1f28b4522cdc2fb4256ac1a020c78acf9cba2c6b461ccd2c126f3aa8e8335d04 \
-    --hash=sha256:6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015
-    # via pytest
 certifi==2023.5.7 \
     --hash=sha256:0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7 \
     --hash=sha256:c6c2e98f5c7869efca1f8916fed228dd91539f9f1b444c314c06eef02980c716
@@ -109,13 +105,13 @@ packaging==23.1 \
     --hash=sha256:994793af429502c4ea2ebf6bf664629d07c1a9fe974af92966e4b8d2df7edc61 \
     --hash=sha256:a392980d2b6cffa644431898be54b0045151319d1e7ec34f0cfed48767dd334f
     # via pytest
-pluggy==1.0.0 \
-    --hash=sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159 \
-    --hash=sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3
+pluggy==1.2.0 \
+    --hash=sha256:c2fd55a7d7a3863cba1a013e4e2414658b1d07b6bc57b3919e0c63c9abb99849 \
+    --hash=sha256:d12f0c4b579b15f5e054301bb226ee85eeeba08ffec228092f8defbaa3a4c4b3
     # via pytest
-pytest==7.2.2 \
-    --hash=sha256:130328f552dcfac0b1cec75c12e3f005619dc5f874f0a06e8ff7263f0ee6225e \
-    --hash=sha256:c99ab0c73aceb050f68929bc93af19ab6db0558791c6a0715723abe9d0ade9d4
+pytest==7.4.0 \
+    --hash=sha256:78bf16451a2eb8c7a2ea98e32dc119fd2aa758f1d5d66dbf0a59d69a3969df32 \
+    --hash=sha256:b4bf8c45bd59934ed84001ad51e11b4ee40d40a1229d2c79f9c592b0a3f6bd8a
     # via -r requirements.in
 requests==2.31.0 \
     --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
@@ -131,7 +127,7 @@ six==1.16.0 \
     # via
     #   isodate
     #   retrying
-urllib3==2.0.2 \
-    --hash=sha256:61717a1095d7e155cdb737ac7bb2f4324a858a1e2e6466f6d03ff630ca68d3cc \
-    --hash=sha256:d055c2f9d38dc53c808f6fdc8eab7360b6fdbbde02340ed25cfbcd817c62469e
+urllib3==2.0.3 \
+    --hash=sha256:48e7fafa40319d358848e1bc6809b208340fafe2096f1725d05d67443d0483d1 \
+    --hash=sha256:bee28b5e56addb8226c96f7f13ac28cb4c301dd5ea8a6ca179c0b9835e032825
     # via requests
diff --git a/tests/chaos/tester/tester.csproj b/tests/chaos/tester/tester.csproj
@@ -8,8 +8,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Hl7.Fhir.R4" Version="5.0.0" />
-    <PackageReference Include="Polly" Version="7.2.3" />
+    <PackageReference Include="Hl7.Fhir.R4" Version="5.2.0" />
+    <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
   </ItemGroup>