Fix secrel issues (#3847)

## What was the problem? Secrel not signing images for 3 apps (**EE Max CFI, CC,** and **db-init**) resulting in a blockage of deployment specifically for CC at this time. For more info on Aqua gate check vulnerabilities, see this [Secrel run](https://github.com/department-of-veterans-affairs/abd-vro-internal/actions/runs/12234329422). Associated tickets or Slack threads: - #3846 ## How does this fix it? This upgrades versions of all affected packages.
department-of-veterans-affairs · Dec 10, 2024 · 2377904 · 2377904
2 parents f92e00d + 95d68b4
commit 2377904
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 10 deletions.
diff --git a/domain-cc/cc-app/src/requirements.txt b/domain-cc/cc-app/src/requirements.txt
@@ -3,6 +3,6 @@ httpx==0.24.*
 pika==1.3.*
 pydantic==2.6.1
 pytest==7.3.1
-setuptools>=70.0.0
+setuptools>=75.6.0
 starlette>=0.40.0
 uvicorn[standard]==0.20.*
diff --git a/domain-ee/ee-ep-merge-app/src/requirements.txt b/domain-ee/ee-ep-merge-app/src/requirements.txt
@@ -9,7 +9,7 @@ pytest-cov==5.0.0
 pytest-env==1.0.1
 pytest-mock==3.11.1
 python-statemachine==2.1.*
-setuptools>=70.0.0
+setuptools>=75.6.0
 SQLAlchemy==2.0.*
 starlette>=0.40.0
 uvicorn[standard]==0.20.*
diff --git a/domain-ee/ee-max-cfi-app/pyproject.toml b/domain-ee/ee-max-cfi-app/pyproject.toml
@@ -1,4 +1,4 @@
-requires = ["setuptools >= 70.0.0"]
+requires = ["setuptools >= 75.6.0"]
 # pyproject.toml
 [tool.pytest.ini_options]
 minversion = "6.0"

diff --git a/gradle-plugins/src/main/groovy/shared.java.vro-dep-constraints.gradle b/gradle-plugins/src/main/groovy/shared.java.vro-dep-constraints.gradle
@@ -48,12 +48,12 @@ dependencies {
         implementation 'ca.uhn.hapi.fhir:org.hl7.fhir.r4b:5.6.92'
         implementation 'ca.uhn.hapi.fhir:org.hl7.fhir.convertors:5.6.92'
 
-        implementation 'io.netty:netty-handler:4.1.105.Final'
+        implementation 'io.netty:netty-handler:4.1.115.Final'
 
         // For Kafka svc-bie-kafka service override
         implementation('org.xerial.snappy:snappy-java:1.1.10.4')
 
-        implementation('com.google.guava:guava:33.0.0-jre')
+        implementation('com.google.guava:guava:33.3.1-jre')
         implementation 'org.bouncycastle:bcpkix-jdk18on:1.74'
         implementation 'org.webjars:swagger-ui:4.1.3'
         implementation 'org.springframework.kafka:spring-kafka:2.9.11'

diff --git a/shared/lib-hoppy/pyproject.toml b/shared/lib-hoppy/pyproject.toml
@@ -1,5 +1,5 @@
 [build-system]
-requires = ["setuptools >= 70.0.0"]
+requires = ["setuptools >= 75.6.0"]
 build-backend = "setuptools.build_meta"
 
 [project]

diff --git a/shared/lib-metrics/src/test/java/gov/va/vro/metricslogging/MetricLoggerServiceTest.java b/shared/lib-metrics/src/test/java/gov/va/vro/metricslogging/MetricLoggerServiceTest.java
@@ -136,10 +136,8 @@ void testGetTimestamp() {
   }
 
   // TODO: This test is commented out because it is flaky and causing CI pipeline failures.
-  // It intermittently fails due to depracated gradle version as well as due to a mismatch in the
-  // test assertions,
-  // likely caused by unexpected values in the generated DistributionPointsPayload.
-  // The gradle version has been upgraded at this time and this test requires further investigation.
+  // It intermittently fails due to deprecated gradle version as well as due to a mismatch
+  // in the test assertions. This test requires further investigation.
 
   // @Test
   // void testCreateDistributionPointsPayload() {