Migration to Spring Boot 2.7.10 (#1320)

* Initial commit * Fix compile breaks * Fix hibernate config * Fix hibernate config * Fix failing tests * Improve logging * Improve logging * Fix Sonar issues * Remove BusProperties * Add BusProperties bean back in * Fix JPA workaround * Fix CVE-2021-22044 * Fix test failures * Fix PR review findings * Fix CVEs * Remove H2 version downgrade, fix schema migration, enable legacy mode * Downgrade Vaadin back to 8.14.3 * Fix EventPublisherHolder * Fix RemoteTenantAwareEvent * Fixed EventPublisherAutoConfiguration * New version of spring-hateoas requires links to be expanded (Mgmt API) * New version of spring-hateoas requires links to be expanded (Mgmt API) * Fix PR review findings * Fix PR review findings * Fix PR review findings * Update README.md * MariaDB Java Client downgrade to maintain compatibility with AWS Aurora * Temporarily disable RSQL test that depends on DB collation type * Upgrade to boot 2.7.10 * Upgrade snakeyaml to 1.33 * Upgrade Spring Security OAuth2 to version 5.7.7 * Remove obsolete exclusion of junit-vintage-engine * Upgrade jackson-bom to 2.14.2
2023-03-28 07:16:25 +02:00
parent f21925d59b
commit 4a3a79aa6b
71 changed files with 741 additions and 593 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,7 @@
   <parent>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
-      <version>2.3.12.RELEASE</version>
+      <version>2.7.10</version>
   </parent>

   <groupId>org.eclipse.hawkbit</groupId>
@@ -130,9 +130,9 @@

      <java.version>11</java.version>

-      <spring.boot.version>2.3.12.RELEASE</spring.boot.version>
-      <spring-framework.version>5.2.22.RELEASE</spring-framework.version>
-      <spring.cloud.version>Hoxton.SR12</spring.cloud.version>
+      <spring.boot.version>2.7.10</spring.boot.version>
+      <spring-framework.version>5.3.26</spring-framework.version>
+      <spring.cloud.version>2021.0.5</spring.cloud.version>
      <spring.plugin.core.version>2.0.0.RELEASE</spring.plugin.core.version>

      <snapshotDependencyAllowed>true</snapshotDependencyAllowed>
@@ -141,17 +141,28 @@
         upgrade) - START -->
      <!-- Newer versions needed than defined in Boot -->
      <!-- Fixed dependencies -->
-      <rabbitmq.http-client.version>3.5.0.RELEASE</rabbitmq.http-client.version>
+      <!-- CVE-2022-25857 -->
+      <snakeyaml.version>1.33</snakeyaml.version>
+      <!-- maintain compatibility with AWS Aurora for production setups -->
+      <mariadb.version>2.7.8</mariadb.version>
+      <!-- CVE-2020-36518, CVE-2022-42003, CVE-2022-42004 -->
+      <jackson-bom.version>2.14.2</jackson-bom.version>
      <!-- Spring boot version overrides - END -->

+      <!-- CVE-2022-31690 -->
+      <spring-security-oauth2-client.version>5.7.7</spring-security-oauth2-client.version>
+
+      <rabbitmq.http-client.version>3.12.1</rabbitmq.http-client.version>
+
      <!-- Vaadin versions - START -->
-      <vaadin.version>8.14.1</vaadin.version>
+      <!-- Vaadin version 8.14.3 is the last version running under an Apache 2.0 license -->
+      <vaadin.version>8.14.3</vaadin.version>
      <vaadin.spring.version>3.2.1</vaadin.spring.version>
      <vaadin.spring.addon.version>2.0.0.RELEASE</vaadin.spring.addon.version>
      <vaadin.plugin.version>${vaadin.version}</vaadin.plugin.version>
      <vaadin.addon.dbar-addon.version>3.0.1</vaadin.addon.dbar-addon.version>
      <vaadin.gwt-api.version>1.3.0</vaadin.gwt-api.version>
-      <vaadin.gwt-user.version>2.8.2</vaadin.gwt-user.version>
+      <vaadin.gwt-user.version>2.9.0</vaadin.gwt-user.version>
      <!-- Vaadin versions - END -->

      <!-- ************************ -->
@@ -171,10 +182,10 @@
      <!-- Misc libraries versions - START -->
      <cron-utils.version>9.1.6</cron-utils.version>
      <jsoup.version>1.15.3</jsoup.version>
-      <allure.version>2.13.6</allure.version>
+      <allure.version>2.13.10</allure.version>
      <eclipselink.version>2.7.11</eclipselink.version>
      <eclipselink.maven.plugin.version>2.7.9.1</eclipselink.maven.plugin.version>
-      <jaxb-api.version>2.3.0</jaxb-api.version>
+      <jaxb-api.version>2.3.1</jaxb-api.version>
      <gwtmockito.version>1.1.8</gwtmockito.version>
      <guava.version>30.1.1-jre</guava.version>
      <javax.el-api.version>2.2.4</javax.el-api.version>
@@ -187,8 +198,6 @@

      <!-- SONATYPE-2021-1175 -->
      <logback.version>1.2.9</logback.version>
-      <!-- CVE-2020-36518, CVE-2022-42003, CVE-2022-42004 -->
-      <jackson-bom.version>2.14.0</jackson-bom.version>
      <!-- Misc libraries versions - END -->

      <!-- Release - START -->
@@ -758,14 +767,6 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <version>${spring.boot.version}</version>
-            <exclusions>
-               <exclusion>
-                  <!--   We don't support JUnit4 anymore  -->
-                  <!-- Can be removed with SpringBoot 2.4 -->
-                  <groupId>org.junit.vintage</groupId>
-                  <artifactId>junit-vintage-engine</artifactId>
-               </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
            <groupId>org.eclipse.persistence</groupId>
@@ -777,6 +778,11 @@
            <artifactId>spring-plugin-core</artifactId>
            <version>${spring.plugin.core.version}</version>
         </dependency>
+         <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+            <version>${spring-security-oauth2-client.version}</version>
+         </dependency>

         <!-- Protostuff Io -->
         <dependency>