finos / traderX

https://demo.traderx.finos.org/
Apache License 2.0

Upgrade to spring boot 3.3 and fix CVEs breaking the CVE scan #216

Closed DovOps closed 2 months ago

DovOps commented 2 months ago

THIS SOFTWARE IS CONTRIBUTED SUBJECT TO THE TERMS OF THE FINOS Corporate Contributor License Agreement.

THIS SOFTWARE IS LICENSED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT, ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THIS SOFTWARE MAY BE REDISTRIBUTED TO OTHERS ONLY BY EFFECTIVELY USING THIS OR ANOTHER EQUIVALENT DISCLAIMER IN ADDITION TO ANY OTHER REQUIRED LICENSE TERMS.

Fixed JS CVE by suppressing bootstrap, and migrated to Spring Boot 3.3 to address CVEs on the Spring side. Credit to @TeamModerne on the Spring side, as changes were made using OpenRewrite recipes for Spring Boot upgrade (but the LST was outdated, so these were manually applied).

netlify[bot] commented 2 months ago

Deploy Preview for lucky-concha-f3599f canceled.

Latest commit: c367c748cdd88ba67cb070d169a196bec0074f0d
Latest deploy log: https://app.netlify.com/sites/lucky-concha-f3599f/deploys/66d7f91ed946f900088ee670