CCD-5045 : Fix acb entries to fix timeout issue (#282)

* CCD-5045 : Fix acb entries to fix timeout issue * Update acb.tpl.yaml * bumps and suppressions to fix dependencycheck failures * Empty-Commit --------- Co-authored-by: amoghnaik-hmcts <[email protected]> Co-authored-by: Dinesh Patel <[email protected]> Co-authored-by: dinesh1patel <[email protected]>
hmcts · Feb 7, 2024 · 986ca81 · 986ca81
1 parent ff9fb7a
commit 986ca81
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 12 deletions.
diff --git a/acb.tpl.yaml b/acb.tpl.yaml
@@ -3,7 +3,8 @@ steps:
   - id: pull-base-image-amd64
     cmd: docker pull --platform linux/amd64 hmctspublic.azurecr.io/base/java:17-distroless && docker tag hmctspublic.azurecr.io/base/java:17-distroless hmctspublic.azurecr.io/base/java/linux/amd64:17-distroless
     when: ["-"]
-    keep: true
+    retries: 3
+    retryDelay: 5
 
   - id: runtime-amd64
     build: >
@@ -13,13 +14,15 @@ steps:
       .
     when:
       - pull-base-image-amd64
-    keep: true
+    retries: 3
+    retryDelay: 5
 
   - id: pull-base-image-arm64
     cmd: docker pull --platform linux/arm64 hmctspublic.azurecr.io/base/java:17-distroless && docker tag hmctspublic.azurecr.io/base/java:17-distroless hmctspublic.azurecr.io/base/java/linux/arm64:17-distroless
     when:
       - pull-base-image-amd64
-    keep: true
+    retries: 3
+    retryDelay: 5
 
   - id: runtime-arm64
     build: >
@@ -29,7 +32,8 @@ steps:
       .
     when:
       - pull-base-image-arm64
-    keep: true
+    retries: 3
+    retryDelay: 5
 
   - id: push-images
     push:
@@ -38,15 +42,19 @@ steps:
     when:
       - runtime-amd64
       - runtime-arm64
+    retries: 3
+    retryDelay: 5
 
   - id: manifest-create
     cmd: docker manifest create {{.Run.Registry}}/{{CI_IMAGE_TAG}} {{.Run.Registry}}/{{CI_IMAGE_TAG}}-amd64 {{.Run.Registry}}/{{CI_IMAGE_TAG}}-arm64
     when:
       - push-images
-    keep: true
+    retries: 3
+    retryDelay: 5
 
   - id: manifest-push
     cmd: docker manifest push --purge {{.Run.Registry}}/{{CI_IMAGE_TAG}}
     when:
       - manifest-create
-    keep: true
+    retries: 3
+    retryDelay: 5
diff --git a/build.gradle b/build.gradle
@@ -2,7 +2,7 @@ plugins {
   id 'application'
   id 'jacoco'
   id 'io.spring.dependency-management' version '1.0.10.RELEASE'
-  id 'org.springframework.boot' version '2.7.12'
+  id 'org.springframework.boot' version '2.7.18'
   id 'com.github.ben-manes.versions' version '0.20.0'
   id 'org.sonarqube' version '4.4.0.3356'
   id 'uk.gov.hmcts.java' version '0.12.40'
@@ -139,7 +139,7 @@ repositories {
 
 ext {
   groovyVersion = '3.0.7'
-  tomcatVersion = '9.0.75!!'
+  tomcatVersion = '9.0.83'
   jettyVersion = '9.4.53.v20231009'
 }
 
@@ -160,7 +160,7 @@ def versions = [
 
 
 dependencies {
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.0'
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.4'
 
   implementation group: 'com.google.guava', name: 'guava', version:'32.1.2-jre'
   implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.13'
@@ -172,8 +172,8 @@ dependencies {
   // CVE-2021-28170
   implementation group: 'org.glassfish', name: 'jakarta.el', version: '4.0.1'
   // CVE-2021-42550
-  implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.10'
-  implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.2.10'
+  implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13'
+  implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.2.13'
 
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
@@ -257,6 +257,7 @@ dependencies {
   implementation group: 'net.minidev', name: 'json-smart', version: '2.4.7'
 
   // CCD-3511 CVE-2020-15522
+  // 1.70 is the latest version, but still has vulnerabilities (CVE-2023-33202)
   implementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.70'
 }
 

diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml
@@ -22,7 +22,10 @@
         CVE-2023-33202 refer [Ticket]
         CVE-2023-34055 refer [Ticket]
         CVE-2023-46589 refer [Ticket]
-        CVE-2023-6378 refer [Ticket]</notes>
+        CVE-2023-6378 refer [Ticket]
+        CVE-2023-33202 refer https://tools.hmcts.net/jira/browse/CCD-5136
+        CVE-2023-34055 refer https://tools.hmcts.net/jira/browse/CCD-5135
+    </notes>
     <cve>CVE-2022-45688</cve>
     <cve>CVE-2023-35116</cve>
     <cve>CVE-2023-34034</cve>