Bumped dependencies (with Spring Boot 3.2)

.github/workflows/build.yml

@@ -1,6 +1,3 @@
-# This workflow will build a Java project with Gradle
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
-
 name: Build
 
 on:
@@ -17,25 +14,14 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
-    - name: Set up JDK 1.17
+
+    - name: Set up JDK 17
       uses: actions/setup-java@v3
       with:
         distribution: 'temurin'
         java-version: '17'
-    - name: Cache Gradle packages
-      uses: actions/cache@v3
-      with:
-        path: |
-          ~/.gradle/caches
-          ~/.gradle/wrapper
-        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
-        restore-keys: |
-          ${{ runner.os }}-gradle-
+
     - name: Build with Gradle
-      run: ./gradlew build jacocoTestReport jacocoTestCoverageVerification
-    - name: Cleanup Gradle Cache
-      # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions.
-      # Restoring these files from a GitHub Actions cache might cause problems for future builds.
-      run: |
-        rm -f ~/.gradle/caches/modules-2/modules-2.lock
-        rm -f ~/.gradle/caches/modules-2/gc.properties
+      uses: gradle/gradle-build-action@v2
+      with:
+        arguments: build jacocoTestReport jacocoTestCoverageVerification

.github/workflows/release.yml

@@ -1,6 +1,3 @@
-# Release any branch to Maven Central.
-# This workflow currently assumes that the target branch is ready to be release (i.e. version is correct)
-
 name: Release
 
 on:
@@ -15,34 +12,25 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
+
     - name: Set up JDK 17
       uses: actions/setup-java@v3
       with:
         distribution: 'temurin'
         java-version: '17'
-    - name: Cache Gradle packages
-      uses: actions/cache@v3
-      with:
-        path: |
-          ~/.gradle/caches
-          ~/.gradle/wrapper
-        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
-        restore-keys: |
-          ${{ runner.os }}-gradle-
-    - name: Build with Gradle
+
+    - name: Prepare key
       run: |
         mkdir -p ~/.gnupg/
         printf "$GPG_KEY_BASE64" | base64 --decode > ~/.gnupg/secring.gpg
-        ./gradlew -PmavenRepoUsername=$MAVEN_USERNAME -PmavenRepoPassword=$MAVEN_PASSWORD -Psigning.keyId=$GPG_KEY_ID -Psigning.secretKeyRingFile=$HOME/.gnupg/secring.gpg -Psigning.password=$GPG_KEY_PASSPHRASE publishToSonatype closeAndReleaseStagingRepository
+
+    - name: Build with Gradle
+      uses: gradle/gradle-build-action@v2
       env:
         GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
         MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
         MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
         GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
         GPG_KEY_PASSPHRASE: ${{ secrets.GPG_KEY_PASSPHRASE }}
-    - name: Cleanup Gradle Cache
-      # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions.
-      # Restoring these files from a GitHub Actions cache might cause problems for future builds.
-      run: |
-        rm -f ~/.gradle/caches/modules-2/modules-2.lock
-        rm -f ~/.gradle/caches/modules-2/gc.properties
+      with:
+        arguments: -PmavenRepoUsername=$MAVEN_USERNAME -PmavenRepoPassword=$MAVEN_PASSWORD -Psigning.keyId=$GPG_KEY_ID -Psigning.secretKeyRingFile=$HOME/.gnupg/secring.gpg -Psigning.password=$GPG_KEY_PASSPHRASE publishToSonatype closeAndReleaseStagingRepository

allow-list.xml

@@ -2,77 +2,24 @@
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     <suppress>
         <notes><![CDATA[
-        No fix available
-        ]]></notes>
-        <gav>org.yaml:snakeyaml:1.30</gav>
-        <cve>CVE-2022-25857</cve>
-        <cve>CVE-2022-38751</cve>
-        <cve>CVE-2022-38749</cve>
-        <cve>CVE-2022-38752</cve>
-        <cve>CVE-2022-41854</cve>
-        <cve>CVE-2022-38750</cve>
-        <cve>CVE-2022-1471</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-        No fix available
-        ]]></notes>
-        <gav>org.yaml:snakeyaml:1.31</gav>
-        <cve>CVE-2022-38751</cve>
-        <cve>CVE-2022-38752</cve>
-        <cve>CVE-2022-41854</cve>
-        <cve>CVE-2022-1471</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-        No fix available
-        ]]></notes>
-        <gav>org.yaml:snakeyaml:1.33</gav>
-        <cve>CVE-2022-1471</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-        Testing false positives by suppressing a CVE
-        https://github.com/jeremylong/DependencyCheck/issues/4528 (Do not use deprecated method)
-        ]]></notes>
-        <gav>org.springframework.security:spring-security-crypto:5.7.8</gav>
-        <cve>CVE-2020-5408</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-        Testing false positives by suppressing a CVE
-        https://github.com/spring-projects/spring-framework/issues/24434 (Do not expose HttpInvoker)
-        ]]></notes>
-        <gav>org.springframework:spring-web:5.3.27</gav>
-        <cve>CVE-2016-1000027</cve>
-    </suppress>
-    <suppress base="true">
-        <notes><![CDATA[
-       FP per issue #5121 - fix for commons
-       ]]></notes>
-      <packageUrl regex="true">^(?!pkg:maven/commons-net/commons-net).*$</packageUrl>
-      <cpe>cpe:/a:apache:commons_net</cpe>
-    </suppress>
-    <suppress>
-      <notes><![CDATA[
-          No fix available
+          Example project: bdk-multi-instances-example: hazelcast: no fix available
           ]]></notes>
-      <gav>org.json:json:20231013</gav>
-      <cve>CVE-2022-45688</cve>
-      <cve>CVE-2023-5072</cve>
+        <packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
+        <cve>CVE-2022-45688</cve>
+        <cve>CVE-2023-5072</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
           No fix available
           ]]></notes>
-        <gav>net.minidev:json-smart:2.4.8</gav>
-        <cve>CVE-2023-1370</cve>
+        <gav>ch.qos.logback:logback-core:1.4.11</gav>
+        <cve>CVE-2023-6378</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
           No fix available
           ]]></notes>
-        <gav>io.netty:netty-bom:4.1.101.Final</gav>
-        <cve>CVE-2023-4586</cve>
+        <gav>ch.qos.logback:logback-classic:1.4.11</gav>
+        <cve>CVE-2023-6378</cve>
     </suppress>
 </suppressions>

buildSrc/src/main/groovy/bdk.java-common-conventions.gradle

@@ -13,6 +13,7 @@ sourceCompatibility = JavaVersion.VERSION_17
 
 tasks.withType(JavaCompile) {
     options.encoding = 'UTF-8'
+    options.compilerArgs << '-parameters'
 }
 
 javadoc {

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
 networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

settings.gradle

@@ -23,7 +23,6 @@ include(':symphony-bdk-spring:symphony-bdk-app-spring-boot-starter')
 // examples
 include(':symphony-bdk-examples:bdk-core-examples')
 include(':symphony-bdk-examples:bdk-spring-boot-example')
-include(':symphony-bdk-examples:bdk-template-examples')
 include(':symphony-bdk-examples:bdk-app-spring-boot-example')
 include(':symphony-bdk-examples:bdk-multi-instances-example')
 include(':symphony-bdk-examples:bdk-group-example')
@@ -34,4 +33,3 @@ include(':symphony-bdk-extensions:symphony-group-extension')
 // test framework
 include(':symphony-bdk-test:symphony-bdk-test-spring-boot')
 include(':symphony-bdk-test:symphony-bdk-test-jupiter')
-

symphony-bdk-bom/build.gradle

@@ -16,13 +16,13 @@ repositories {
 
 dependencies {
     // import Spring Boot's BOM
-    api platform('org.springframework.boot:spring-boot-dependencies:3.0.13')
+    api platform('org.springframework.boot:spring-boot-dependencies:3.2.0')
     // import Jackson's BOM
-    api platform('com.fasterxml.jackson:jackson-bom:2.15.3')
+    api platform('com.fasterxml.jackson:jackson-bom:2.16.0')
     // import Jersey's BOM
-    api platform('org.glassfish.jersey:jersey-bom:3.1.2')
+    api platform('org.glassfish.jersey:jersey-bom:3.1.5')
     // import Log4j's BOM
-    api platform('org.apache.logging.log4j:log4j-bom:2.20.0')
+    api platform('org.apache.logging.log4j:log4j-bom:2.22.0')
 
     // define all our dependencies versions
     constraints {
@@ -42,46 +42,41 @@ dependencies {
         api "org.finos.symphony.bdk.ext:symphony-group-extension:$project.version"
 
         // External dependencies
-        api 'org.projectlombok:lombok:1.18.26'
 
         api 'org.apiguardian:apiguardian-api:1.1.2'
 
-        api 'org.slf4j:slf4j-api:2.0.7'
-        api 'org.slf4j:slf4j-log4j12:2.0.7'
+        api 'org.slf4j:slf4j-api:2.0.9'
+        api 'org.slf4j:slf4j-log4j12:2.0.9'
 
-        // Logback is used by default for Spring based projects, force the version for LOGBACK-1591
-        api 'ch.qos.logback:logback-classic:1.4.7'
-        api 'ch.qos.logback:logback-core:1.4.7'
-
-        api 'commons-io:commons-io:2.11.0'
-        api 'commons-codec:commons-codec:1.15'
+        api 'commons-io:commons-io:2.15.1'
+        api 'commons-codec:commons-codec:1.16.0'
         api 'commons-beanutils:commons-beanutils:1.9.4'
-        api 'org.apache.commons:commons-lang3:3.12.0'
-        api 'org.apache.commons:commons-text:1.10.0'
-        api 'commons-logging:commons-logging:1.2'
+        api 'org.apache.commons:commons-lang3:3.14.0'
+        api 'org.apache.commons:commons-text:1.11.0'
+        api 'commons-logging:commons-logging:1.3.0'
         api 'com.brsanthu:migbase64:2.2'
-        api 'io.jsonwebtoken:jjwt:0.9.1'
-        api 'org.bouncycastle:bcpkix-jdk18on:1.74'
+        api 'io.jsonwebtoken:jjwt:0.12.3'
+        api 'org.bouncycastle:bcpkix-jdk18on:1.77'
         api 'com.google.code.findbugs:jsr305:3.0.2'
 
-        api 'io.github.resilience4j:resilience4j-retry:2.1.0'
+        api 'io.github.resilience4j:resilience4j-retry:2.2.0'
 
-        api 'io.swagger:swagger-annotations:1.6.0'
-        api 'org.openapitools:jackson-databind-nullable:0.2.2'
+        api 'io.swagger:swagger-annotations:1.6.12'
+        api 'org.openapitools:jackson-databind-nullable:0.2.6'
 
         api 'org.projectreactor:reactor-spring:1.0.1.RELEASE'
 
         api 'org.freemarker:freemarker:2.3.32'
         api 'com.github.jknack:handlebars:4.3.1'
-        api 'org.reflections:reflections:0.9.12'
+        api 'org.reflections:reflections:0.10.2'
 
-        api 'org.junit.jupiter:junit-jupiter:5.9.2'
-        api 'org.junit.jupiter:junit-jupiter-api:5.9.2'
-        api 'org.junit.jupiter:junit-jupiter-engine:5.9.2'
-        api 'com.tngtech.archunit:archunit-junit5:0.22.0'
+        api 'org.junit.jupiter:junit-jupiter:5.10.1'
+        api 'org.junit.jupiter:junit-jupiter-api:5.10.1'
+        api 'org.junit.jupiter:junit-jupiter-engine:5.10.1'
+        api 'com.tngtech.archunit:archunit-junit5:1.2.1'
         api 'org.mock-server:mockserver-netty:5.15.0'
-        api 'org.mockito:mockito-core:4.11.0'
-        api 'org.mockito:mockito-junit-jupiter:4.11.0'
+        api 'org.mockito:mockito-core:5.8.0'
+        api 'org.mockito:mockito-junit-jupiter:5.8.0'
         api 'org.assertj:assertj-core:3.24.2'
 
         api 'jakarta.ws.rs:jakarta.ws.rs-api:3.1.0'

symphony-bdk-config/src/main/java/com/symphony/bdk/core/config/BdkConfigLoader.java

@@ -1,8 +1,6 @@
 package com.symphony.bdk.core.config;
 
 import com.symphony.bdk.core.config.exception.BdkConfigException;
-import com.symphony.bdk.core.config.legacy.LegacyConfigMapper;
-import com.symphony.bdk.core.config.legacy.model.LegacySymConfig;
 import com.symphony.bdk.core.config.model.BdkConfig;
 
 import com.fasterxml.jackson.databind.DeserializationFeature;
@@ -60,16 +58,7 @@ public static BdkConfig loadFromFile(String configPath) throws BdkConfigExceptio
    */
   public static BdkConfig loadFromInputStream(InputStream inputStream) throws BdkConfigException {
     BdkConfigParser parser = new BdkConfigParser();
-    return parseConfig(parser.parse(inputStream));
-  }
-
-  private static BdkConfig parseConfig(JsonNode jsonNode) {
-    if (jsonNode.at("/botUsername").isMissingNode()) {
-      return JSON_MAPPER.convertValue(jsonNode, BdkConfig.class);
-    } else {
-      LegacySymConfig legacySymConfig = JSON_MAPPER.convertValue(jsonNode, LegacySymConfig.class);
-      return LegacyConfigMapper.map(legacySymConfig);
-    }
+    return JSON_MAPPER.convertValue(parser.parse(inputStream), BdkConfig.class);
   }
 
   /**
@@ -118,9 +107,9 @@ public static BdkConfig loadFromClasspath(String configPath) throws BdkConfigExc
    * @param properties {@link Properties} with BDK properties
    * @return Symphony Bot Configuration
    */
+  @SuppressWarnings("unchecked")
   public static BdkConfig loadFromProperties(Properties properties) throws IOException {
-    final Map<String, String> propertyMap = (Map) properties;
-    return loadFromPropertyMap(propertyMap);
+    return loadFromPropertyMap((Map<String, String>) (Map<?, ?>) properties);
   }
 
   /**
@@ -132,5 +121,4 @@ public static BdkConfig loadFromProperties(Properties properties) throws IOExcep
   public static BdkConfig loadFromPropertyMap(Map<String, String> properties) throws IOException {
     return PROPS_MAPPER.readMapAs(properties, BdkConfig.class);
   }
-
 }