Merge pull request #51 from patientsknowbest/feature/phr-6511-externa…

…l-id-refactor Reduce dependency footprint of spring data kotlin helper
patientsknowbest · Apr 22, 2021 · 3c80f61 · 3c80f61
2 parents f088320 + 1442509
commit 3c80f61
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 20 deletions.
diff --git a/config/src/main/java/com/pkb/common/config/AbstractBaseConfigStorage.java b/config/src/main/java/com/pkb/common/config/AbstractBaseConfigStorage.java
@@ -1,18 +1,22 @@
 package com.pkb.common.config;
 
+import io.vavr.control.Either;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Optional;
+import java.util.function.Function;
+
 import static io.vavr.API.$;
 import static io.vavr.API.Case;
 import static io.vavr.API.Match;
 import static io.vavr.Predicates.instanceOf;
 import static java.util.function.Function.identity;
 
-import java.util.Optional;
-import java.util.function.Function;
-
-import io.vavr.control.Either;
-
 abstract class AbstractBaseConfigStorage implements ConfigStorage {
 
+    protected static final Logger LOGGER = LoggerFactory.getLogger(java.lang.invoke.MethodHandles.lookup().lookupClass());
+
     protected interface Parser<P> {
         Optional<P> parse(String rawValue);
     }
@@ -36,6 +40,7 @@ private <N extends Number> AbstractBaseConfigStorage.Parser<N> createNumberParse
             try {
                 return Optional.of(wrappedParser.apply(str));
             } catch (NumberFormatException e) {
+                LOGGER.error("Bad config property value [{}] was supposed to be  a number but wasn't parseable", str, e);
                 return Optional.empty();
             }
         };

diff --git a/pom.xml b/pom.xml
@@ -66,7 +66,7 @@
         <maven.source.plugin.version>3.2.1</maven.source.plugin.version>
         <maven.flatten.plugin.version>1.2.1</maven.flatten.plugin.version>
         <maven.surefire.plugin.version>3.0.0-M4</maven.surefire.plugin.version>
-        <owasp-dependency-check.version>5.3.2</owasp-dependency-check.version>
+        <owasp-dependency-check.version>6.1.5</owasp-dependency-check.version>
         <pitest.version>1.5.0</pitest.version>
 
         <revision>0.0.0</revision>
@@ -354,6 +354,8 @@
                         <exclude>org.springframework</exclude>
                     </excludes>
                     <suppressionFile>suppression.xml</suppressionFile>
+                    <cveUrlModified>https://freedumbytes.gitlab.io/setup/nist-nvd-mirror/nvdcve-1.1-modified.json.gz</cveUrlModified>
+                    <cveUrlBase>https://freedumbytes.gitlab.io/setup/nist-nvd-mirror/nvdcve-1.1-%d.json.gz</cveUrlBase>
                 </configuration>
             </plugin>
             <plugin>

diff --git a/spring-boot-kotlin-infrastructure/pom.xml b/spring-boot-kotlin-infrastructure/pom.xml
@@ -23,7 +23,7 @@
     <dependencies>
         <dependency>
             <groupId>org.jetbrains.kotlin</groupId>
-            <artifactId>kotlin-stdlib-jdk8</artifactId>
+            <artifactId>kotlin-stdlib</artifactId>
             <version>${kotlin.version}</version>
             <scope>provided</scope>
         </dependency>
@@ -34,10 +34,18 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-jpa</artifactId>
+            <groupId>org.springframework.data</groupId>
+            <artifactId>spring-data-jpa</artifactId>
             <version>2.3.5.RELEASE</version>
+            <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>javax.persistence</groupId>
+            <artifactId>javax.persistence-api</artifactId>
+            <version>2.2</version>
+            <scope>provided</scope>
+        </dependency>
+
     </dependencies>
 
     <build>
@@ -65,7 +73,7 @@
                     </execution>
                 </executions>
                 <configuration>
-                    <jvmTarget>1.8</jvmTarget>
+                    <jvmTarget>11</jvmTarget>
                 </configuration>
             </plugin>
         </plugins>

diff --git a/suppression.xml b/suppression.xml
@@ -7,7 +7,7 @@
             CVE-2019-14540|CVE-2019-14892|CVE-2019-14893|CVE-2019-16335|CVE-2019-16942|CVE-2019-16942|CVE-2019-16943|CVE-2019-17267|CVE-2019-17531|CVE-2019-20330|CVE-2020-10672|CVE-2020-10673|CVE-2020-10968|CVE-2020-10969|CVE-2020-11111|CVE-2020-11112|CVE-2020-11113|CVE-2020-11619|CVE-2020-11620|CVE-2020-8840|CVE-2020-9546|CVE-2020-9547|CVE-2020-9548|CVE-2020-14060|CVE-2020-14061|CVE-2020-14062|CVE-2020-14195|CVE-2020-24616|CVE-2020-24750|CVE-2020-25649
         </vulnerabilityName>
     </suppress>
-    <suppress until="2021-03-01Z">
+    <suppress until="2021-10-01Z">
         <notes>Http client</notes>
         <packageUrl regex="true">^pkg:maven/org.apache.httpcomponents/httpclient.*$</packageUrl>
         <vulnerabilityName>CVE-2020-13956</vulnerabilityName>
@@ -19,12 +19,12 @@
       ]]></notes>
         <vulnerabilityName regex="true">CVE-2019-14900|CVE-2020-25638</vulnerabilityName>
     </suppress>
-    <suppress until="2021-03-01Z">
+    <suppress until="2021-10-01Z">
         <notes><![CDATA[
    file name: spring-security-crypto-5.3.3.RELEASE.jar
    ]]></notes>
         <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
-        <cve>CVE-2018-1258</cve>
+        <vulnerabilityName regex="true">CVE-2018-1258|CVE-2021-22112</vulnerabilityName>
     </suppress>
     <suppress>
         <notes><![CDATA[
@@ -33,29 +33,33 @@
         <packageUrl regex="true">^pkg:maven/com\.google\.guava.*$</packageUrl>
         <cve>CVE-2020-8908</cve>
     </suppress>
-    <suppress until="2021-03-01Z">
+    <suppress until="2021-10-01Z">
         <notes><![CDATA[
    file name: google-http-client-1.36.0.jar
    ]]></notes>
         <packageUrl regex="true">^pkg:maven/com\.google\.http\-client/google\-http\-client@.*$</packageUrl>
         <cve>CVE-2020-13956</cve>
     </suppress>
-    <suppress until="2021-03-01Z">
+    <suppress until="2021-10-01Z">
         <notes><![CDATA[
    file name: groovy-2.5.6.jar
    ]]></notes>
         <packageUrl regex="true">^pkg:maven/org\.codehaus\.groovy/groovy.*$</packageUrl>
         <vulnerabilityName regex="true">CVE-2020-17521</vulnerabilityName>
     </suppress>
-    <suppress until="2021-03-01Z">
-        <notes><![CDATA[tagsoup-1.2.1.jar]]></notes>
-        <vulnerabilityName regex="true">CVE-2020-29243|CVE-2020-29242|CVE-2020-29245|CVE-2020-29244</vulnerabilityName>
-    </suppress>
-    <suppress until="2021-03-01Z">
+    <suppress until="2021-10-01Z">
         <notes><![CDATA[
    file name: proto-google-iam-v1-0.13.0.jar
    ]]></notes>
         <packageUrl regex="true">^pkg:maven/com\.google\.api\.grpc/proto\-google\-iam\-v1@.*$</packageUrl>
         <vulnerabilityName regex="true">CVE-2017-7860|CVE-2017-7861|CVE-2017-8359|CVE-2017-9431|CVE-2020-7768|</vulnerabilityName>
     </suppress>
+    <suppress until="2021-10-01Z">
+        <notes><![CDATA[ grpc-netty-shaded-1.30.2.jar/]]></notes>
+        <vulnerabilityName regex="true">CVE-2021-21290|CVE-2021-21295|CVE-2021-21409</vulnerabilityName>
+    </suppress>
+    <suppress until="2021-10-01Z">
+        <notes><![CDATA[  kotlin-stdlib-1.4.20.jar/]]></notes>
+        <vulnerabilityName regex="true">CVE-2020-29582</vulnerabilityName>
+    </suppress>
 </suppressions>