issue_863: Updated gradle plugins version, fixed more vulnerabilities…

…, now figuring what to do with the remaining vulnerabilities.

HIRS_AttestationCA/build.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id 'io.spring.dependency-management' version '1.1.2'
+    id 'io.spring.dependency-management' version '1.1.7'
     id 'com.google.protobuf' version '0.9.4'
 }
 
@@ -13,7 +13,6 @@ dependencies {
     implementation project(':HIRS_Utils')
     implementation project(':HIRS_Structs')
 
-
     implementation libs.bouncycastle
     implementation libs.commons.codec
     implementation libs.commons.io
@@ -27,19 +26,15 @@ dependencies {
     implementation libs.minimal.json
 
     // pull the pci dependency and ...
-    implementation(libs.pci) {
-        // explicitly exclude the default apache http client transitive dependency
-        exclude group: 'org.apache.httpcomponents', module: 'httpclient'
-    }
+    implementation libs.pci
     // and explicitly include the patched version of the apache http client dependency
     implementation libs.apacheHttpClient
 
     implementation libs.protobuf.java
     implementation libs.spring.boot.starter.data.jpa
     implementation libs.spring.retry
-
-    // pull the spring-boot-starter-web dependency and ...
-    implementation(libs.spring.boot.starter.web)
+    implementation libs.spring.boot.starter.web
+    implementation libs.spring.framework.webmvc
 
     compileOnly libs.lombok
     annotationProcessor libs.lombok

HIRS_AttestationCAPortal/build.gradle

@@ -1,9 +1,9 @@
 plugins {
     id 'application'
     id 'war'
-    id 'com.netflix.nebula.ospackage' version '11.8.0'
-    id 'org.springframework.boot' version '3.0.8'
-    id 'io.spring.dependency-management' version '1.1.2'
+    id 'com.netflix.nebula.ospackage' version '11.10.0'
+    id 'org.springframework.boot' version '3.0.13'
+    id 'io.spring.dependency-management' version '1.1.7'
 }
 
 // Get version from main project gradle
@@ -37,18 +37,13 @@ dependencies {
     implementation libs.jakarta.xml
 
     // pull the pci dependency and ...
-    implementation(libs.pci) {
-        // explicitly exclude the default apache http client transitive dependency
-        exclude group: 'org.apache.httpcomponents', module: 'httpclient'
-    }
+    implementation libs.pci
     // and explicitly include the patched version of the apache http client dependency
     implementation libs.apacheHttpClient
 
     implementation libs.mariadb.java.client
-
-    // pull the spring-boot-starter-web dependency and ...
-    implementation(libs.spring.boot.starter.web)
-
+    implementation libs.spring.boot.starter.web
+    //implementation libs.spring.framework.webmvc
     implementation libs.spring.boot.starter.validation
     implementation libs.spring.boot.starter.data.jpa
     implementation libs.spring.boot.starter.log4j2
@@ -64,7 +59,6 @@ dependencies {
 
     testCompileOnly libs.lombok
     testAnnotationProcessor libs.lombok
-
 }
 
 test {

HIRS_Utils/build.gradle

@@ -25,10 +25,7 @@ dependencies {
     implementation libs.minimal.json
 
     // pull the pci dependency and ...
-    implementation(libs.pci) {
-        // explicitly exclude the default apache http client transitive dependency
-        exclude group: 'org.apache.httpcomponents', module: 'httpclient'
-    }
+    implementation libs.pci
     // and explicitly include the patched version of the apache http client dependency
     implementation libs.apacheHttpClient
 

build.gradle

@@ -6,7 +6,7 @@ plugins {
     // Apply the application plugin to add support for building a CLI application in Java.
     id 'application'
     id 'checkstyle'
-    id 'com.github.spotbugs' version '6.0.4' apply false
+    id 'com.github.spotbugs' version '6.0.13' apply false
     id 'java'
 }
 

gradle/versions.toml

@@ -20,8 +20,8 @@ ospackageVersion = "11.2.0"
 pciVersion = "0.3"
 protobufJavaVersion = "4.28.3"
 springBootVersion = "3.4.0"
-springRetryVersion = "2.0.10"
 springCoreVersion = "6.2.1"
+springRetryVersion = "2.0.10"
 testngVersion = "7.10.2"
 tomcatVersion = "10.1.33"
 
@@ -58,8 +58,7 @@ spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-st
 spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" }
 spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" }
 spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" }
-#spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
-#spring-framework-web = { module = "org.springframework:spring-web", version.ref = "springCoreVersion" }
+spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
 spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" }
 tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" }
 testng = { module = "org.testng:testng", version.ref = "testngVersion" }

tools/tcg_rim_tool/build.gradle

@@ -1,6 +1,6 @@
 plugins {
-    id 'com.netflix.nebula.ospackage' version '11.4.0'
-    id 'com.intershop.gradle.jaxb' version '5.1.0'
+    id 'com.netflix.nebula.ospackage' version '11.10.0'
+    id 'com.intershop.gradle.jaxb' version '7.0.1'
 }
 
 // Get version from main project gradle
@@ -10,7 +10,6 @@ def jarVersion = properties.get("jarVersion");
 dependencies {
     implementation project(':HIRS_Utils')
 
-
     implementation libs.bouncycastle
     implementation libs.commons.codec
     implementation libs.glassfish.jakarta.json