From e0225eebdf145e7b07d438c152cbbe43230d027f Mon Sep 17 00:00:00 2001
From: shawn-sher <5396793+shawn-sher@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:23:55 -0700
Subject: [PATCH] Fix/update library version (#1145)

* Some library updates and factoring

* More updates

---------

Co-authored-by: Shawn Sherwood <shawn-sher@users.noreply.github.com>
---
 build.gradle                              | 76 +++++++++++++++--------
 cerberus-audit-logger-athena/build.gradle |  1 +
 cerberus-core/build.gradle                | 17 ++---
 cerberus-domain/build.gradle              | 12 ++--
 cerberus-web/build.gradle                 | 18 +++---
 5 files changed, 76 insertions(+), 48 deletions(-)

diff --git a/build.gradle b/build.gradle
index 6e79ce86..d47f663e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -19,25 +19,51 @@ import com.github.spotbugs.snom.SpotBugsReport
 buildscript {
   ext {
     versions = [
-      ant: '1.10.+',
-      awsSdkVersion: '1.12.+',
-      commonsIo: '2.11.0',
-      groovy: '4.0.8',
-      guava: '31.1-jre',
-      jakartaXmlBindApi: '3.0.1',
-      jaxbRuntime: '4.0.1',
-      jjwt: '0.11.5',
-      kork: '7.160.2',
-      lang3: '3.12.0',
-      logback: '1.2.11',
-      lombok: '1.18.26',
-      mybatisSpring: '2.1.0',
-      okta: '8.2.3',
-      oktaAuthnSdk: '2.0.10',
-      oktaJwtVerifier: '0.5.7',
-      resilience4j: '1.7.1',  // 2 requires java 17
-      restAssured: '5.3.0',
-      springBoot: '2.7.8',
+      ant: '1.10.13',                   // org.apache.ant:ant-junit
+      awsSdkVersion: '1.12.454',        // com.amazonaws:aws-java-sdk-core
+      awsEncryptionSdk: '2.4.0',        // com.amazonaws:aws-encryption-sdk-java
+      backstopper: '0.15.0',            // com.nike.backstopper:backstopper-spring-web-mvc
+      c3p0: '0.9.5.5',                  // com.mchange:c3p0
+      caffeine: '3.1.6',                // com.github.ben-manes.caffeine:caffeine
+      commonsIo: '2.11.0',              // commons-io:commons-io
+      commonsText: '1.10.0',            // org.apache.commons:commons-text
+      dependencyCheckGradle: '8.2.1',   // org.owasp:dependency-check-gradle
+      findbugsAnnotations: '3.0.1u2',   // com.google.code.findbugs:annotations
+      findSecBugs: '1.12.0',            // com.h3xstream.findsecbugs:findsecbugs-plugin
+      flyway: '5.2.4',                  // org.flywaydb:flyway-core
+      groovy: '4.0.11',                 // org.apache.groovy:groovy-all
+      gson: '2.10.1',                   // com.google.code.gson:gson
+      guava: '31.1-jre',                // com.google.guava:guava
+      hibernationValidation: '7.0.5.Final',       // org.hibernate:hibernate-validator     // TODO
+      jacksonAnnotations: '2.14.1',     // com.fasterxml.jackson.core:jackson-annotations
+      jakartaValidationApi: '2.0.2',    // jakarta.validation:jakarta.validation-api
+      jakartaXmlBindApi: '4.0.0',       // jakarta.xml.bind:jakarta.xml.bind-api
+      javaxEl: '3.0.0',                 // org.glassfish:javax.el
+      jaxbRuntime: '4.0.2',             // org.glassfish.jaxb:jaxb-runtime
+      jjwt: '0.11.5',                   // io.jsonwebtoken:jjwt-api
+      jupiterApi: '5.9.2',              // org.junit.jupiter:junit-jupiter-api
+      kork: '7.172.0',                  // io.spinnaker.kork:kork-secrets
+      kotlinStdlib: '1.8.20',           // org.jetbrains.kotlin:kotlin-stdlib-common
+      lang3: '3.12.0',                  // org.apache.commons:commons-lang3
+      logback: '1.4.7',                 // ch.qos.logback:logback-core
+      lombok: '1.18.26',                // org.projectlombok:lombok
+      metricsCore: '4.2.18',            // io.dropwizard.metrics:metrics-core
+      mockitoAll: '1.10.19',            // org.mockito:mockito-all
+      mybatis: '3.5.13',                // org.mybatis:mybatis
+      mybatisSpring: '2.1.0',           // org.mybatis:mybatis-spring
+      mysqlConnector: '8.0.33',         // com.mysql:mysql-connector-j
+      okhttp: '4.11.0',                 // com.squareup.okhttp3:okhttp
+      okta: '8.2.3',                    // com.okta.sdk:okta-sdk-api
+      oktaAuthnSdk: '2.0.10',           // com.okta.authn.sdk:okta-authn-sdk-api
+      oktaJwtVerifier: '0.5.7',         // com.okta.jwt:okta-jwt-verifier
+      openPojo: '0.9.1',                // com.openpojo:openpojo
+      resilience4j: '1.7.1',            // 2 requires java 17  // io.github.resilience4j:resilience4j-all
+      restAssured: '5.3.0',             // io.rest-assured:rest-assured-all
+      slf4j: '2.0.7',                   // org.slf4j:slf4j-api
+      spockCore: '2.3-groovy-4.0',      // org.spockframework:spock-core
+      springBoot: '2.7.11',             // org.springframework.boot:spring-boot-dependencies
+      tikaCore: '2.7.0',                // org.apache.tika:tika-core
+      wingtipsSpringBoot: '0.24.2',     // com.nike.wingtips:wingtips-spring-boot
     ]
   }
 
@@ -52,7 +78,7 @@ buildscript {
   }
 
   dependencies {
-    classpath "org.owasp:dependency-check-gradle:8.0.2"
+    classpath "org.owasp:dependency-check-gradle:${versions.dependencyCheckGradle}"
   }
 }
 
@@ -80,7 +106,7 @@ allprojects {
   }
 
   dependencies {
-    spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0'
+    spotbugsPlugins "com.h3xstream.findsecbugs:findsecbugs-plugin:${versions.findSecBugs}"
   }
 
   spotbugs {
@@ -175,10 +201,10 @@ subprojects {
 
     // common test deps
     testImplementation "org.apache.groovy:groovy-all:${versions.groovy}"
-    testImplementation 'org.spockframework:spock-core:2.3-groovy-4.0'
-    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.2'
-    testImplementation 'org.mockito:mockito-all:1.10.19'
-    testImplementation 'com.openpojo:openpojo:0.9.1'
+    testImplementation "org.spockframework:spock-core:${versions.spockCore}"
+    testImplementation "org.junit.jupiter:junit-jupiter-api:${versions.jupiterApi}"
+    testImplementation "org.mockito:mockito-all:${versions.mockitoAll}"
+    testImplementation "com.openpojo:openpojo:${versions.openPojo}"
   }
 
   test {
diff --git a/cerberus-audit-logger-athena/build.gradle b/cerberus-audit-logger-athena/build.gradle
index 1b3580c5..d058fa5f 100644
--- a/cerberus-audit-logger-athena/build.gradle
+++ b/cerberus-audit-logger-athena/build.gradle
@@ -26,4 +26,5 @@ dependencies {
 
     implementation "ch.qos.logback:logback-classic:${versions.logback}"
     implementation "ch.qos.logback:logback-core:${versions.logback}"
+    implementation "org.slf4j:slf4j-api:${versions.slf4j}"
 }
diff --git a/cerberus-core/build.gradle b/cerberus-core/build.gradle
index 4568f9e1..bf1d4f02 100644
--- a/cerberus-core/build.gradle
+++ b/cerberus-core/build.gradle
@@ -20,29 +20,30 @@ dependencies {
   api "org.springframework.boot:spring-boot-starter-security:${versions.springBoot}"
 
   // Error management
-  api 'com.nike.backstopper:backstopper-spring-web-mvc:0.15.0'
+  api "com.nike.backstopper:backstopper-spring-web-mvc:${versions.backstopper}"
 
   // Metrics
-  api 'io.dropwizard.metrics:metrics-core:4.2.12'
+  api "io.dropwizard.metrics:metrics-core:${versions.metricsCore}"
 
   // Misc
   api "io.github.resilience4j:resilience4j-all:${versions.resilience4j}"
-  api "com.squareup.okhttp3:okhttp:4.10.0"
-  api 'com.github.ben-manes.caffeine:caffeine:3.1.1'
+
+  api "com.squareup.okhttp3:okhttp:${versions.okhttp}"
+  api "com.github.ben-manes.caffeine:caffeine:${versions.caffeine}"
 
   // TODO jav 8 -> java 11 error, verify and document why this is required
   api "jakarta.xml.bind:jakarta.xml.bind-api:${versions.jakartaXmlBindApi}"
   api "org.glassfish.jaxb:jaxb-runtime:${versions.jaxbRuntime}"
 
-  // Find bugs annotations
-  api 'com.google.code.findbugs:annotations:3.0.1u2'
 
+  // Find bugs annotations
+  api "com.google.code.findbugs:annotations:${versions.findbugsAnnotations}"
   api "com.google.guava:guava:${versions.guava}"
 }
 
 configurations.all {
   resolutionStrategy {
-    force "org.jetbrains.kotlin:kotlin-stdlib-common:1.7.20"
-    force "org.jetbrains.kotlin:kotlin-stdlib:1.7.20"
+    force "org.jetbrains.kotlin:kotlin-stdlib-common:${versions.kotlinStdlib}"
+    force "org.jetbrains.kotlin:kotlin-stdlib:${versions.kotlinStdlib}"
   }
 }
diff --git a/cerberus-domain/build.gradle b/cerberus-domain/build.gradle
index 01fa14bd..f6e510d8 100644
--- a/cerberus-domain/build.gradle
+++ b/cerberus-domain/build.gradle
@@ -19,15 +19,15 @@ repositories {
 }
 
 dependencies {
-  api group: 'jakarta.validation', name: 'jakarta.validation-api', version: '2.0.2'
+  api "jakarta.validation:jakarta.validation-api:${versions.jakartaValidationApi}"
 
-  api group: 'org.hibernate', name: 'hibernate-validator', version: '7.0.5.Final'
-  api group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: '2.11.1'
+  api "org.hibernate:hibernate-validator:${versions.hibernationValidation}"
+  api "com.fasterxml.jackson.core:jackson-annotations:${versions.jacksonAnnotations}"
 
-  api group: 'org.apache.commons', name: 'commons-lang3', version: versions.lang3
-  api group: 'org.apache.commons', name: 'commons-text', version: '1.10.0'
+  api "org.apache.commons:commons-lang3:${versions.lang3}"
+  api "org.apache.commons:commons-text:${versions.commonsText}"
 
   integrationTestCompile "org.apache.groovy:groovy-all:${versions.groovy}"
-  testImplementation group: 'org.glassfish', name: 'javax.el', version: '3.0.0'
+  testImplementation "org.glassfish:javax.el:${versions.javaxEl}"
 
 }
diff --git a/cerberus-web/build.gradle b/cerberus-web/build.gradle
index 149c7f6d..22cfd6e4 100644
--- a/cerberus-web/build.gradle
+++ b/cerberus-web/build.gradle
@@ -46,20 +46,20 @@ dependencies {
   // DB: Mybatis, Flyway, C3p0
   implementation "org.mybatis.spring.boot:mybatis-spring-boot-starter:${versions.mybatisSpring}"
   implementation "org.mybatis:mybatis-spring:${versions.mybatisSpring}"
-  implementation 'org.mybatis:mybatis:3.5.11'
-  implementation 'com.mchange:c3p0:0.9.5.5'
-  implementation 'mysql:mysql-connector-java:8.0.32'
-  implementation 'org.flywaydb:flyway-core:5.2.4' // Can't upgrade this past this version until Aurora is upgraded to 5.7
+  implementation "org.mybatis:mybatis:${versions.mybatis}"
+  implementation "com.mchange:c3p0:${versions.c3p0}"
+  implementation "com.mysql:mysql-connector-j:${versions.mysqlConnector}"
+  implementation "org.flywaydb:flyway-core:${versions.flyway}" // Can't upgrade this past this version until Aurora is upgraded to 5.7
 
   // First secrets
   implementation "io.spinnaker.kork:kork-secrets:${versions.kork}"
 
   // Misc
   implementation "com.google.guava:guava:${versions.guava}"  // todo, pretty sure with Java 11, we can get ride of this, we mostly use this for the collection builders.
-  implementation 'com.google.code.gson:gson:2.9.1' // todo delete, should use jackson. see cipher text utils
+  implementation "com.google.code.gson:gson:${versions.gson}" // todo delete, should use jackson. see cipher text utils
 
   // Secure File Mime Type
-  implementation "org.apache.tika:tika-core:1.28.5"
+  implementation "org.apache.tika:tika-core:${versions.tikaCore}"
 
   // AWS
   implementation "com.amazonaws:aws-java-sdk-core:${versions.awsSdkVersion}"
@@ -67,7 +67,7 @@ dependencies {
   implementation "com.amazonaws:aws-java-sdk-sts:${versions.awsSdkVersion}"
   implementation "com.amazonaws:aws-java-sdk-s3:${versions.awsSdkVersion}"
   implementation "com.amazonaws:aws-java-sdk-secretsmanager:${versions.awsSdkVersion}"
-  implementation 'com.amazonaws:aws-encryption-sdk-java:2.4.0'
+  implementation "com.amazonaws:aws-encryption-sdk-java:${versions.awsEncryptionSdk}"
 
 
   // JWT
@@ -81,12 +81,12 @@ dependencies {
 
 
   //dist tracing
-  implementation 'com.nike.wingtips:wingtips-spring-boot:0.24.2'
+  implementation "com.nike.wingtips:wingtips-spring-boot:${versions.wingtipsSpringBoot}"
 
   // test deps
   testImplementation("org.springframework.boot:spring-boot-starter-test:${versions.springBoot}")
   testImplementation "commons-io:commons-io:${versions.commonsIo}"
-  testImplementation "com.nike.backstopper:backstopper-reusable-tests:0.15.0"
+  testImplementation "com.nike.backstopper:backstopper-reusable-tests:${versions.backstopper}"
 
   // Integration Test Deps
   integrationTestImplementation sourceSets.main.output