Merge pull request #304 from hmcts/CCD-1276-master

CCD-1276 CVE-2021-22118 in AAC Manage Case Assignment

Author: MSancaktutar

build.gradle

@@ -1,15 +1,16 @@
 plugins {
   id 'application'
   id 'jacoco'
-  id 'io.spring.dependency-management' version '1.0.9.RELEASE'
-  id 'org.springframework.boot' version '2.3.4.RELEASE'
+  id 'io.spring.dependency-management' version '1.0.10.RELEASE'
+  id 'org.springframework.boot' version '2.4.4'
   id 'uk.gov.hmcts.java' version '0.12.0'
   id 'com.github.ben-manes.versions' version '0.28.0'
   id 'com.github.spacialcircumstances.gradle-cucumber-reporting' version '0.1.23'
   id 'org.sonarqube' version '2.8'
 }
 
-ext['spring-security.version'] = '5.3.8.RELEASE'
+ext['spring-security.version'] = '5.4.5'
+ext['spring-framework.version'] = '5.3.7'
 
 group = 'uk.gov.hmcts.reform'
 version = '0.0.1'
@@ -165,6 +166,9 @@ dependencyCheck {
 }
 
 dependencyManagement {
+  imports {
+    mavenBom "org.springframework.cloud:spring-cloud-dependencies:2020.0.1"
+  }
   dependencies {
     dependency group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.61'
     // CVE-2018-10237 - Unbounded memory allocation
@@ -239,8 +243,11 @@ configurations.all {
 }
 
 dependencies {
+  compile group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '2.2.7.RELEASE'
+
   implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.7'
   implementation group: 'commons-io', name: 'commons-io', version: '2.8.0'
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.0.1'
 
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation'
@@ -266,17 +273,17 @@ dependencies {
   implementation group: 'uk.gov.hmcts.reform', name: 'idam-client', version: '1.5.5'
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-zuul', version: '2.2.3.RELEASE'
 
-  implementation "org.springframework.security:spring-security-web:5.3.8.RELEASE"
-  implementation "org.springframework.security:spring-security-config:5.3.8.RELEASE"
-  implementation "org.springframework.boot:spring-boot-starter-oauth2-client:2.3.8.RELEASE"
-  implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server:2.3.8.RELEASE"
-  implementation "com.nimbusds:nimbus-jose-jwt:7.9"
-  implementation "net.minidev:json-smart:2.3"
+  implementation "org.springframework.security:spring-security-web:5.4.5"
+  implementation "org.springframework.security:spring-security-config:5.4.5"
+  implementation "org.springframework.boot:spring-boot-starter-oauth2-client:2.4.5"
+  implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server:2.4.5"
   implementation "io.github.openfeign:feign-httpclient:11.0"
+  testCompile 'io.github.openfeign:feign-jackson:10.7.0'
+  testCompile group: 'io.github.openfeign.form', name: 'feign-form', version: '3.8.0'
+  compile group: 'io.github.openfeign.form', name: 'feign-form-spring', version: '3.8.0'
   implementation "com.github.ben-manes.caffeine:caffeine:2.7.0"
   implementation "org.apache.httpcomponents:httpclient:4.5.13"
 
-
   implementation group: 'javax.inject', name: 'javax.inject', version: '1'
   implementation group: 'org.modelmapper', name: 'modelmapper', version: '2.3.7'
   implementation 'uk.gov.service.notify:notifications-java-client:3.15.1-RELEASE'

src/test/java/uk/gov/hmcts/reform/managecase/api/controller/NoticeOfChangeControllerTest.java

@@ -147,7 +147,7 @@ static class BaseMvcTest {
     @Nested
     @DisplayName("GET /noc/noc-questions")
     @SuppressWarnings({"PMD.AvoidDuplicateLiterals", "PMD.JUnitTestsShouldIncludeAssert", "PMD.ExcessiveImports"})
-    class GetNoticeOfChangeQuestions extends BaseMvcTest {
+    class GetNoticeOfChangeQuestions {
 
         @Nested
         @DisplayName("GET /noc/noc-questions")