Merge pull request #2892 from bcgov/feature/FLA-1586-vulnerability

TayGov · web-flow · commit 362644b564be · 2025-04-01T06:46:36.000-07:00
Feature/fla 1586 vulnerability
diff --git a/src/backend/Dockerfile.efiling-api b/src/backend/Dockerfile.efiling-api
@@ -41,6 +41,8 @@ RUN mvn -B clean install \
 #############################################################################################
 FROM eclipse-temurin:17-jre-alpine
 
+RUN apk update && apk add --upgrade --no-cache libexpat # fix CVE-2024-8176
+
 # ARG MVN_PROFILES
 ARG SERVICE_NAME=efiling-api
 
diff --git a/src/backend/efiling-api/pom.xml b/src/backend/efiling-api/pom.xml
@@ -10,7 +10,7 @@
     </parent>
     <groupId>ca.bc.gov.open.jag</groupId>
     <artifactId>efiling-api</artifactId>
-    <version>2.0.6</version>
+    <version>2.0.7-SNAPSHOT</version>
     <name>efiling-api</name>
     <description>Demo project for Spring Boot</description>
 
@@ -65,7 +65,7 @@
         <dependency>
             <groupId>ca.bc.gov.open.jag</groupId>
             <artifactId>efiling-commons</artifactId>
-            <version>2.0.6</version>
+            <version>2.0.7-SNAPSHOT</version>
         </dependency>
 
         <dependency>
@@ -208,6 +208,7 @@
         <dependency>
             <groupId>org.apache.tomcat.embed</groupId>
             <artifactId>tomcat-embed-core</artifactId>
+            <version>10.1.39</version>
         </dependency>
         <dependency>
             <groupId>org.json</groupId>
@@ -243,14 +244,19 @@
             <artifactId>cxf-core</artifactId>
             <version>4.0.6</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-crypto</artifactId>
+            <version>6.3.8</version>
+        </dependency>
     </dependencies>
 
     <dependencyManagement>
         <dependencies>
             <dependency>
                 <groupId>ca.bc.gov.open.jag</groupId>
                 <artifactId>efiling-bom</artifactId>
-                <version>2.0.6</version>
+                <version>2.0.7-SNAPSHOT</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -273,19 +279,19 @@
                 <dependency>
                     <groupId>ca.bc.gov.open.jag</groupId>
                     <artifactId>efiling-cso-starter</artifactId>
-                    <version>2.0.6</version>
+                    <version>2.0.7-SNAPSHOT</version>
                 </dependency>
 
                 <dependency>
                     <groupId>ca.bc.gov.open.jag</groupId>
                     <artifactId>efiling-bambora-api-client</artifactId>
-                    <version>2.0.6</version>
+                    <version>2.0.7-SNAPSHOT</version>
                 </dependency>
 
                 <dependency>
                     <groupId>ca.bc.gov.open.jag</groupId>
                     <artifactId>efiling-ceis-api-client</artifactId>
-                    <version>2.0.6</version>
+                    <version>2.0.7-SNAPSHOT</version>
                 </dependency>
                 
                 <!-- https://mvnrepository.com/artifact/com.github.java-json-tools/jackson-coreutils -->
@@ -327,7 +333,7 @@
                 <dependency>
                     <groupId>ca.bc.gov.open.jag</groupId>
                     <artifactId>efiling-demo-starter</artifactId>
-                    <version>2.0.6</version>
+                    <version>2.0.7-SNAPSHOT</version>
                 </dependency>
             </dependencies>
         </profile>
diff --git a/src/backend/libs/efiling-bambora-api-client/pom.xml b/src/backend/libs/efiling-bambora-api-client/pom.xml
@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>ca.bc.gov.open.jag</groupId>
 	<artifactId>efiling-bambora-api-client</artifactId>
-	<version>2.0.6</version>
+	<version>2.0.7-SNAPSHOT</version>
 	<name>efiling-bambora-api-client</name>
 	<description>Client for Bambora</description>
 
@@ -111,7 +111,7 @@
         <dependency>
             <groupId>ca.bc.gov.open.jag</groupId>
             <artifactId>efiling-commons</artifactId>
-            <version>2.0.6</version>
+            <version>2.0.7-SNAPSHOT</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
@@ -128,7 +128,7 @@
 			<dependency>
 				<groupId>ca.bc.gov.open.jag</groupId>
 				<artifactId>efiling-bom</artifactId>
-				<version>2.0.6</version>
+				<version>2.0.7-SNAPSHOT</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
diff --git a/src/backend/libs/efiling-bom/pom.xml b/src/backend/libs/efiling-bom/pom.xml
@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>ca.bc.gov.open.jag</groupId>
     <artifactId>efiling-bom</artifactId>
-    <version>2.0.6</version>
+    <version>2.0.7-SNAPSHOT</version>
 
     <properties>
         <log4j2.version>2.17.1</log4j2.version>
diff --git a/src/backend/libs/efiling-ceis-api-client/pom.xml b/src/backend/libs/efiling-ceis-api-client/pom.xml
@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>ca.bc.gov.open.jag</groupId>
 	<artifactId>efiling-ceis-api-client</artifactId>
-	<version>2.0.6</version>
+	<version>2.0.7-SNAPSHOT</version>
 	<name>efiling-ceis-api-client</name>
 	<description>Client for CEIS ORDS</description>
 
@@ -123,7 +123,7 @@
         <dependency>
             <groupId>ca.bc.gov.open.jag</groupId>
             <artifactId>efiling-commons</artifactId>
-            <version>2.0.6</version>
+            <version>2.0.7-SNAPSHOT</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
@@ -140,7 +140,7 @@
 			<dependency>
 				<groupId>ca.bc.gov.open.jag</groupId>
 				<artifactId>efiling-bom</artifactId>
-				<version>2.0.6</version>
+				<version>2.0.7-SNAPSHOT</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
diff --git a/src/backend/libs/efiling-commons/pom.xml b/src/backend/libs/efiling-commons/pom.xml
@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>ca.bc.gov.open.jag</groupId>
     <artifactId>efiling-commons</artifactId>
-    <version>2.0.6</version>
+    <version>2.0.7-SNAPSHOT</version>
     <name>efiling-commons</name>
     <description>Contains common functionality to efiling</description>
 
@@ -71,7 +71,7 @@
             <dependency>
                 <groupId>ca.bc.gov.open.jag</groupId>
                 <artifactId>efiling-bom</artifactId>
-                <version>2.0.6</version>
+                <version>2.0.7-SNAPSHOT</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
diff --git a/src/backend/libs/efiling-cso-client/pom.xml b/src/backend/libs/efiling-cso-client/pom.xml
@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>ca.bc.gov.open.jag</groupId>
     <artifactId>efiling-cso-client</artifactId>
-    <version>2.0.6</version>
+    <version>2.0.7-SNAPSHOT</version>
 
     <properties>
         <java.version>17</java.version>
@@ -59,7 +59,7 @@
         <dependency>
             <groupId>ca.bc.gov.open.jag</groupId>
             <artifactId>efiling-commons</artifactId>
-            <version>2.0.6</version>
+            <version>2.0.7-SNAPSHOT</version>
         </dependency>
 
         <dependency>
@@ -90,7 +90,7 @@
             <dependency>
                 <groupId>ca.bc.gov.open.jag</groupId>
                 <artifactId>efiling-bom</artifactId>
-                <version>2.0.6</version>
+                <version>2.0.7-SNAPSHOT</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
diff --git a/src/backend/libs/efiling-cso-starter/pom.xml b/src/backend/libs/efiling-cso-starter/pom.xml
@@ -13,7 +13,7 @@
 
     <groupId>ca.bc.gov.open.jag</groupId>
     <artifactId>efiling-cso-starter</artifactId>
-    <version>2.0.6</version>
+    <version>2.0.7-SNAPSHOT</version>
 
     <properties>
         <java.version>17</java.version>
@@ -79,13 +79,13 @@
         <dependency>
             <groupId>ca.bc.gov.open.jag</groupId>
             <artifactId>efiling-commons</artifactId>
-            <version>2.0.6</version>
+            <version>2.0.7-SNAPSHOT</version>
         </dependency>
 
         <dependency>
             <groupId>ca.bc.gov.open.jag</groupId>
             <artifactId>efiling-cso-client</artifactId>
-            <version>2.0.6</version>
+            <version>2.0.7-SNAPSHOT</version>
         </dependency>
 
     </dependencies>
@@ -95,7 +95,7 @@
             <dependency>
                 <groupId>ca.bc.gov.open.jag</groupId>
                 <artifactId>efiling-bom</artifactId>
-                <version>2.0.6</version>
+                <version>2.0.7-SNAPSHOT</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
diff --git a/src/backend/libs/efiling-demo-starter/pom.xml b/src/backend/libs/efiling-demo-starter/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>ca.bc.gov.open.jag</groupId>
     <artifactId>efiling-demo-starter</artifactId>
-    <version>2.0.6</version>
+    <version>2.0.7-SNAPSHOT</version>
 
     <properties>
         <java.version>17</java.version>
@@ -60,7 +60,7 @@
         <dependency>
             <groupId>ca.bc.gov.open.jag</groupId>
             <artifactId>efiling-commons</artifactId>
-            <version>2.0.6</version>
+            <version>2.0.7-SNAPSHOT</version>
         </dependency>
 
         <dependency>
@@ -82,7 +82,7 @@
             <dependency>
                 <groupId>ca.bc.gov.open.jag</groupId>
                 <artifactId>efiling-bom</artifactId>
-                <version>2.0.6</version>
+                <version>2.0.7-SNAPSHOT</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
diff --git a/src/backend/pom.xml b/src/backend/pom.xml
@@ -6,7 +6,7 @@
 
 	<groupId>ca.bc.gov.open</groupId>
 	<artifactId>jag-efiling-backend</artifactId>
-	<version>2.0.6</version>
+	<version>2.0.7-SNAPSHOT</version>
 
 	<description>EfilingHub Backend services</description>
 
diff --git a/src/frontend/efiling-demo/Dockerfile b/src/frontend/efiling-demo/Dockerfile
@@ -18,6 +18,8 @@ RUN yarn build --production=true
 #############################################################################################
 FROM nginx:1.27.4-alpine
 
+RUN apk update && apk add --upgrade --no-cache libexpat libxml2 libxslt
+
 RUN rm -rf /usr/share/nginx/html/
 COPY --from=build /app/build /usr/share/nginx/html
 WORKDIR /usr/share/nginx/html
diff --git a/src/frontend/efiling-demo/package.json b/src/frontend/efiling-demo/package.json
@@ -7,7 +7,7 @@
     "@babel/preset-react": "^7.13.13",
     "@bcgov/bootstrap-theme": "github:bcgov/bootstrap-theme",
     "@csstools/normalize.css": "csstools/normalize.css",
-    "axios": "^0.25.0",
+    "axios": "^0.30.0",
     "babel-plugin-transform-export-extensions": "^6.22.0",
     "bootstrap": "^4.5.3",
     "browserslist": "^4.19.1",
diff --git a/src/frontend/efiling-frontend/Dockerfile b/src/frontend/efiling-frontend/Dockerfile
@@ -19,6 +19,8 @@ RUN yarn build
 #############################################################################################
 FROM nginx:1.27.4-alpine
 
+RUN apk update && apk add --upgrade --no-cache libexpat libxml2 libxslt
+
 RUN rm -rf /usr/share/nginx/html/
 COPY --from=build /app/build /etc/nginx/html/efilinghub
 
diff --git a/src/frontend/efiling-frontend/package.json b/src/frontend/efiling-frontend/package.json
@@ -8,7 +8,7 @@
     "@babel/preset-react": "^7.18.6",
     "@bcgov/bootstrap-theme": "github:bcgov/bootstrap-theme",
     "assert": "^2.0.0",
-    "axios": "^0.25.0",
+    "axios": "^0.30.0",
     "axios-auth-refresh": "^2.2.8",
     "babel-plugin-transform-export-extensions": "^6.22.0",
     "bootstrap": "^4.5.3",
