
Commit 1e20957

Add userMetadata (#874)
* Add userMetadata * update dependencies * Fix OWASP dependency check rate-limiting and H2 corruption in CI/CD * Revert "Fix OWASP dependency check rate-limiting and H2 corruption in CI/CD" This reverts commit f9100f0. * test
1 parent edff083 commit 1e20957

5 files changed

Lines changed: 17 additions & 2 deletions


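--- a/.github/workflows/cve-scanning-gradle.yml
+++ b/.github/workflows/cve-scanning-gradle.yml
@@ -31,4 +31,6 @@ jobs:
 - name: CVEs
 # Using --no-daemon is a good practice in CI environments
 # It prevents potential conflicts or statefulness between job runs.
+env:
+NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
 run: ./gradlew dependencyCheckAggregate --no-daemon -PdependencyCheck.nvd.apiKey=${{ secrets.NVD_API_KEY }}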
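Review bot: The `run:` line still passes the key as `-PdependencyCheck.nvd.apiKey=${{ secrets.NVD_API_KEY }}`, so the secret is expanded into the shell command and becomes part of the Gradle process's argument list, where it can be read by other processes on the runner and can end up in any diagnostics that record the command line. With the `env:` entry added in this hunk and build.gradle in the same commit reading `System.getenv("NVD_API_KEY")` first, the property is redundant. The line can be reduced to `run: ./gradlew dependencyCheckAggregate --no-daemon`, which keeps the key in the environment only.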

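--- a/build.gradle
+++ b/build.gradle
@@ -61,4 +61,11 @@ repositories {
 dependencyCheck {
 failBuildOnCVSS=5
 suppressionFile="./allow-list.xml"
+data {
+directory = "${buildDir}/dependency-check-data"
+}
+nvd {
+apiKey = System.getenv("NVD_API_KEY") ?: (project.findProperty("dependencyCheck.nvd.apiKey") ?: "")
+delay = apiKey ? 2000 : 16000
+}
 }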
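Review bot: The fallback in the `nvd` block is silent: when neither `NVD_API_KEY` nor the `dependencyCheck.nvd.apiKey` property is set, `apiKey` becomes `""` and the only visible effect is the longer `delay`. A run without the secret (pull requests from forks usually do not receive repository secrets) then looks the same in the log as an authenticated one, and if the NVD update is throttled it is hard to tell whether the `failBuildOnCVSS=5` gate was evaluated against current data. I would make that state visible, e.g. `if (!apiKey) logger.warn('NVD_API_KEY not set; NVD update runs unauthenticated and may be rate-limited')` right after the `apiKey` assignment. A short comment on `delay` stating its unit (presumably milliseconds between NVD API requests) and why the unauthenticated value is larger would also help the next reader.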

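--- a/symphony-bdk-bom/build.gradle
+++ b/symphony-bdk-bom/build.gradle
@@ -24,7 +24,7 @@ dependencies {
 // import Log4j's BOM
 api platform('org.apache.logging.log4j:log4j-bom:2.26.0')
 // override Netty (Spring Boot 3.5.14 ships 4.1.132 which is still vulnerable to CVE-2026-41417)
-api platform('io.netty:netty-bom:4.1.133.Final')
+api platform('io.netty:netty-bom:4.1.134.Final')
 
 // define all our dependencies versions
 constraints {
@@ -45,6 +45,11 @@ dependencies {
 
 // External dependencies
 
+// override Tomcat (Spring Boot 3.5.14 ships 10.1.54 which is vulnerable to multiple CVEs)
+api 'org.apache.tomcat.embed:tomcat-embed-core:10.1.55'
+api 'org.apache.tomcat.embed:tomcat-embed-el:10.1.55'
+api 'org.apache.tomcat.embed:tomcat-embed-websocket:10.1.55'
+
 api 'org.apiguardian:apiguardian-api:1.1.2'
 
 api 'org.slf4j:slf4j-api:2.0.9'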
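Review bot: The new Tomcat override comment says only "multiple CVEs", whereas the Netty comment a few lines up names the advisory it addresses; without the identifiers nobody can later check whether the pin is still needed or whether an allow-list entry covers the same finding. I would name them and state the exit condition, e.g. `// override Tomcat: Spring Boot 3.5.14 ships 10.1.54 (<CVE-ID>, <CVE-ID>); remove once the Spring Boot BOM manages >= 10.1.55`, filling the placeholders from the dependency-check report. The pin covers three `tomcat-embed-*` artifacts, so it is worth confirming in the resolved dependency report that no other Tomcat artifact still resolves to 10.1.54. The enclosing block starts and ends outside both hunks.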

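--- a/symphony-bdk-core/build.gradle
+++ b/symphony-bdk-core/build.gradle
@@ -78,7 +78,7 @@ dependencies {
 }
 
 // OpenAPI code generation
-def apiBaseUrl = "https://raw.githubusercontent.com/finos/symphony-api-spec/332b01730c016a26277d89c6525398df20b17613"
+def apiBaseUrl = "https://raw.githubusercontent.com/finos/symphony-api-spec/d369d95254d6df3451d053340b1b25478b95e57b"
 def generatedFolder = "$buildDir/generated/openapi"
 def apisToGenerate = [
 Agent: 'agent/agent-api-public-deprecated.yaml',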

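--- a/symphony-bdk-core/src/main/java/com/symphony/bdk/core/service/user/mapper/UserDetailMapper.java
+++ b/symphony-bdk-core/src/main/java/com/symphony/bdk/core/service/user/mapper/UserDetailMapper.java
@@ -22,5 +22,6 @@ public interface UserDetailMapper {
 @Mapping(target = "userAttributes.instrument", ignore = true)
 @Mapping(target = "userAttributes.currentKey", ignore = true)
 @Mapping(target = "userAttributes.previousKey", ignore = true)
+@Mapping(target = "userAttributes.userMetadata", ignore = true)
 V2UserDetail userDetailToV2UserDetail(UserDetail userDetail);
 }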
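Review bot: The added `@Mapping(target = "userAttributes.userMetadata", ignore = true)` means a `V2UserDetail` produced by `userDetailToV2UserDetail` never carries `userMetadata`, which reads oddly next to the commit title "Add userMetadata" and is not explained anywhere in the hunk. If this is deliberate (presumably `UserDetail` has no corresponding source field, as with the other ignored targets), a comment above the annotation would say so, e.g. `// userMetadata exists only on the V2 model; left unset when converting from UserDetail`. Callers that make decisions based on that metadata should not assume it is populated on objects coming through this mapper, and a mapper test asserting the field is unset would pin that contract. The annotation list for this method begins above the hunk.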
