Merge remote-tracking branch 'origin/master' into feature/11778-remov…

…e-namespace-setting

date-time/src/main/java/com/pkb/common/datetime/AutoAdvanceFakeDateTimeService.java

@@ -1,6 +1,8 @@
 package com.pkb.common.datetime;
 
 import java.time.Clock;
+import java.time.Instant;
+import java.time.ZoneId;
 import java.time.temporal.TemporalAmount;
 
 /**
@@ -16,10 +18,22 @@ public class AutoAdvanceFakeDateTimeService extends FakeDateTimeService {
 
     @Override
     public Clock clock() {
-        if (this.currentFixedClock != null && autoAdvanceDuration != null) {
-            moveTime(autoAdvanceDuration);
+        return new AutoAdvanceClockShim(getCurrentZoneId());
+    }
+
+    private class AutoAdvanceClockShim extends ClockShim {
+
+        AutoAdvanceClockShim(ZoneId zone) {
+            super(zone);
+        }
+
+        @Override
+        public Instant instant() {
+            if (currentFixedTime != null && autoAdvanceDuration != null) {
+                moveTime(autoAdvanceDuration);
+            }
+            return super.instant();
         }
-        return super.clock();
     }
 
     public void setAutoAdvanceDuration(TemporalAmount autoAdvanceDuration) {

date-time/src/main/java/com/pkb/common/datetime/FakeDateTimeService.java

@@ -6,16 +6,17 @@
 import java.lang.invoke.MethodHandles;
 import java.time.Clock;
 import java.time.Instant;
+import java.time.ZoneId;
 import java.time.ZonedDateTime;
 import java.time.temporal.TemporalAmount;
 import java.time.temporal.TemporalUnit;
+import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 
 public class FakeDateTimeService implements DateTimeService {
     private static final Logger LOGGER = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
 
-    protected volatile ZonedDateTime currentFixedTime;
-    protected volatile Clock currentFixedClock;
+    volatile ZonedDateTime currentFixedTime;
 
     private final DateTimeService fallbackService;
 
@@ -29,10 +30,11 @@ public FakeDateTimeService(DateTimeService fallbackService) {
 
     @Override
     public Clock clock() {
-        if (currentFixedClock == null) {
-            return fallbackService.clock();
-        }
-        return currentFixedClock;
+        return new ClockShim(getCurrentZoneId());
+    }
+
+    ZoneId getCurrentZoneId() {
+        return Optional.ofNullable(currentFixedTime).map(ZonedDateTime::getZone).orElseGet(fallbackService.clock()::getZone);
     }
 
     @Override
@@ -58,13 +60,37 @@ public long nowNanoTime() {
 
     @Override
     public void forgetFixedCurrentTimeForTesting() {
-        this.currentFixedClock = null;
+        this.currentFixedTime = null;
         LOGGER.info("Cleared fixed fake date time.");
     }
 
     private void fixTime(ZonedDateTime zdt) {
         currentFixedTime = zdt;
-        currentFixedClock = Clock.fixed(zdt.toInstant(), zdt.getZone());
-        LOGGER.info("Set fixed fake date time to: {}", currentFixedClock);
+        LOGGER.info("Set fixed fake date time to: {}", currentFixedTime);
+    }
+
+
+    class ClockShim extends Clock {
+
+        private final ZoneId zone;
+
+        ClockShim(ZoneId zone) {
+            this.zone = zone;
+        }
+
+        @Override
+        public ZoneId getZone() {
+            return zone;
+        }
+
+        @Override
+        public Clock withZone(ZoneId zone) {
+            return new ClockShim(zone);
+        }
+
+        @Override
+        public Instant instant() {
+            return Optional.ofNullable(currentFixedTime).map(ZonedDateTime::toInstant).orElseGet(fallbackService.clock()::instant);
+        }
     }
 }

pom.xml

@@ -47,7 +47,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
         <apache.commons.text.version>1.10.0</apache.commons.text.version>
-        <approvalcrest.version>0.61.1</approvalcrest.version>
+        <approvalcrest.version>0.61.2</approvalcrest.version>
         <hamcrest.version>2.2</hamcrest.version>
         <vavr.version>0.10.2</vavr.version>
 
@@ -57,7 +57,7 @@
         <version.apache-commons-io>2.6</version.apache-commons-io>
         <javax.javaee-api.version>8.0</javax.javaee-api.version>
         <avro.version>1.11.0</avro.version>
-        <camel.version>3.19.0</camel.version>
+        <camel.version>3.20.2</camel.version>
 
         <maven.compiler.plugin.version>3.8.1</maven.compiler.plugin.version>
         <maven.source.plugin.version>3.2.1</maven.source.plugin.version>
@@ -75,17 +75,17 @@
 
         <commons.testing.version>54-8e2e575-247593</commons.testing.version>
         <spring-cloud.version>2021.0.5</spring-cloud.version>
-        <spring.boot.version>2.7.5</spring.boot.version>
+        <spring.boot.version>2.7.10</spring.boot.version>
         <immutables.version>2.9.0</immutables.version>
-        <checker-qual.version>3.25.0</checker-qual.version>
+        <checker-qual.version>3.32.0</checker-qual.version>
         <kotlin.version>1.6.21</kotlin.version>
-        <errorprone.version>2.16</errorprone.version>
+        <errorprone.version>2.18.0</errorprone.version>
         <groovy.version>2.5.17</groovy.version>
         <retrofit.version>2.9.0</retrofit.version>
         <okhttp.version>4.10.0</okhttp.version>
         <jakarta.persistence-api.version>2.2.3</jakarta.persistence-api.version>
         <jakarta.xml.bind-api.version>2.3.3</jakarta.xml.bind-api.version>
-        <hibernate-core.version>5.6.9.Final</hibernate-core.version> <!-- Please ensure that this remains consistent with the version specified in the spring boot bom -->
+        <hibernate-core.version>5.6.15.Final</hibernate-core.version> <!-- Please ensure that this remains consistent with the version specified in the spring boot bom -->
         <jakarta.inject-api.version>1.0</jakarta.inject-api.version>
         <jaxb-impl.version>2.3.6</jaxb-impl.version>
         <jakarta.activation-api.version>2.0.1</jakarta.activation-api.version>
@@ -94,13 +94,11 @@
         <assertj-version>3.23.1</assertj-version>
 
         <!-- Required to force google components like pub-sub to more recent versions than camel bom will pull in. Keep in line with PHR -->
-        <spring-cloud-gcp.version>3.4.0</spring-cloud-gcp.version>
+        <spring-cloud-gcp.version>3.4.7</spring-cloud-gcp.version>
 
-        <!-- Only needed because of a security issue, remove when spring-cloud-dependencies uses at least spring security version 5.7.5 -->
-        <spring.security.version>5.7.5</spring.security.version>
 
-        <!--Required until approvalcrest is compatible with latest gson again -->
-        <google.gson.version>2.9.0</google.gson.version>
+        <jackson-bom.version>2.14.2</jackson-bom.version>
+        <google.gson.version>2.10.1</google.gson.version>
     </properties>
 
     <modules>
@@ -119,21 +117,20 @@
 
     <dependencyManagement>
         <dependencies>
-            <!-- Only needed because of a security issue, remove when spring-cloud-dependencies uses at least spring security version 5.7.5 -->
-            <dependency>
-                <groupId>org.springframework.security</groupId>
-                <artifactId>spring-security-bom</artifactId>
-                <version>${spring.security.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>spring-cloud-gcp-dependencies</artifactId>
                 <version>${spring-cloud-gcp.version}</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson</groupId>
+                <artifactId>jackson-bom</artifactId>
+                <version>${jackson-bom.version}</version>
+                <scope>import</scope>
+                <type>pom</type>
+            </dependency>
             <dependency>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-dependencies</artifactId>
@@ -311,6 +308,13 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <dependency>
+                <groupId>org.apache.camel</groupId>
+                <artifactId>camel-core</artifactId>
+                <type>test-jar</type>
+                <scope>test</scope>
+                <version>${camel.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.apache.camel</groupId>
                 <artifactId>camel-xml-jaxb</artifactId>
@@ -398,7 +402,6 @@
             <dependency>
                 <groupId>com.google.code.gson</groupId>
                 <artifactId>gson</artifactId>
-                <!-- latest version is 2.9.0 but it is non-backwards-compatible with karsaig's approval crest -->
                 <version>${google.gson.version}</version>
             </dependency>
         </dependencies>
@@ -452,11 +455,7 @@
                                     to pick the highest version. Otherwise we may end up unexpectedly swapping to an older
                                     version if the 'nearest' definition changes, or end up unexpectedly using a different version
                                     to what we've specified via a parent bom -->
-                                    <requireUpperBoundDeps>
-                                        <excludes>
-                                            <exclude>com.google.code.gson:gson</exclude>
-                                        </excludes>
-                                    </requireUpperBoundDeps>
+                                    <requireUpperBoundDeps/>
                                     <banCircularDependencies/>
                                     <banDuplicateClasses/>
                                     <bannedDependencies>

spring-boot-infrastructure/pom.xml

@@ -19,7 +19,6 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
-            <version>${spring.boot.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>

spring-infrastructure/pom.xml

@@ -17,10 +17,6 @@
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.checkerframework</groupId>
-            <artifactId>checker-qual</artifactId>
-        </dependency>
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>

suppression.xml

@@ -1,15 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 
-    <suppress until="2023-03-01Z">
+    <suppress until="2024-01-01Z">
         <!-- This seems to be a false positive because the report refers the com.google.code.gson library -->
         <notes><![CDATA[
    file name: google-http-client-gson-*.jar
    ]]></notes>
         <packageUrl regex="true">^pkg:maven/com\.google\.http\-client/google\-http\-client\-gson@.*$</packageUrl>
         <cve>CVE-2022-25647</cve>
     </suppress>
-    <suppress until="2022-12-06Z">
+    <suppress until="2024-01-01Z">
         <!-- This is a false positive. The CVE is for much lower version of springs security than this one. But
         according to the CVE website the vulnerability is being "reassessed" so we should check back in 2 months and
         see if there's any update -->
@@ -19,5 +19,14 @@
         <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-.*$</packageUrl>
         <vulnerabilityName>CVE-2020-5408</vulnerabilityName>
     </suppress>
+    <suppress until="2023-06-01Z">
+        <!-- Refer to https://github.com/google/guava/issues/4011 -->
+        <!-- Hopefully Google will either remove or update the deprecated method that is affected by this CVE; until then we suppress it -->
+        <notes><![CDATA[
+   file name: guava-31.1-jre.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+        <cve>CVE-2020-8908</cve>
+    </suppress>
 
 </suppressions>