From c0e61aea9e154f37c068b1bbd1edac7ebb8b4fe7 Mon Sep 17 00:00:00 2001
From: Rahul Ramesh <rahul.ramesh@thoughtworks.com>
Date: Tue, 10 Sep 2024 11:45:23 +0530
Subject: [PATCH] [Rahul] | BAH-3927 | Fix. Known Security Vulnerabilites In
 SMS Service

---
 .gitignore                |  1 +
 build.gradle              | 21 ++++++++++++++++-----
 package/docker/Dockerfile |  2 +-
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/.gitignore b/.gitignore
index 873c41f6..81f7af2d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ build/
 *.aar
 *.war
 !gradle-wrapper.jar
+.idea/
diff --git a/build.gradle b/build.gradle
index 5f78036b..fabc921f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id 'org.springframework.boot' version '2.7.5'
+    id 'org.springframework.boot' version '2.7.18'
     id 'io.spring.dependency-management' version '1.1.0'
     id 'java'
 }
@@ -30,14 +30,25 @@ dependencies {
     implementation group: 'io.springfox', name: 'springfox-boot-starter', version: '3.0.0'
     implementation 'org.springframework.boot:spring-boot-starter-security'
     implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-webflux'
+    implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation 'org.springframework:spring-expression:5.3.39'
+    implementation 'org.springframework:spring-web:5.3.39'
+    implementation 'org.springframework.security:spring-security-core:5.7.12'
     implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
     runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2'
     runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.2'
-    implementation 'org.springframework.boot:spring-boot-starter-webflux'
-    implementation 'com.google.guava:guava:29.0-jre'
-    implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation 'com.google.guava:guava:32.0.0-android'
     implementation 'org.apache.httpcomponents:httpclient:4.5.12'
-    implementation 'org.json:json:20211205'
+    implementation 'org.json:json:20231013'
+    implementation 'org.apache.httpcomponents:httpclient:4.5.13'
+    implementation 'io.netty:netty-codec-http:4.1.108.Final'
+    implementation 'ch.qos.logback:logback-core:1.2.13'
+    implementation 'org.yaml:snakeyaml:2.0'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.90'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.90'
+    implementation 'ch.qos.logback:logback-classic:1.2.13'
+    implementation 'io.github.classgraph:classgraph:4.8.112'
     compileOnly 'org.projectlombok:lombok'
     annotationProcessor 'org.projectlombok:lombok'
     testImplementation('org.springframework.boot:spring-boot-starter-test') {
diff --git a/package/docker/Dockerfile b/package/docker/Dockerfile
index ca789c32..737f6d36 100644
--- a/package/docker/Dockerfile
+++ b/package/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM amazoncorretto:11.0.18
+FROM amazoncorretto:11
 RUN yum install openssl -y
 COPY package/docker/generate_token.sh /home/
 COPY package/docker/sms-startup.sh /