File tree Expand file tree Collapse file tree
src/main/java/com/symphony/bdk/core/service/user/mapper Expand file tree Collapse file tree Original file line number Diff line number Diff line change 3131 - name : CVEs
3232 # Using --no-daemon is a good practice in CI environments
3333 # It prevents potential conflicts or statefulness between job runs.
34+ env :
35+ NVD_API_KEY : ${{ secrets.NVD_API_KEY }}
3436 run : ./gradlew dependencyCheckAggregate --no-daemon -PdependencyCheck.nvd.apiKey=${{ secrets.NVD_API_KEY }}
Original file line number Diff line number Diff line change @@ -61,4 +61,11 @@ repositories {
6161dependencyCheck {
6262 failBuildOnCVSS= 5
6363 suppressionFile= " ./allow-list.xml"
64+ data {
65+ directory = " ${ buildDir} /dependency-check-data"
66+ }
67+ nvd {
68+ apiKey = System . getenv(" NVD_API_KEY" ) ?: (project. findProperty(" dependencyCheck.nvd.apiKey" ) ?: " " )
69+ delay = apiKey ? 2000 : 16000
70+ }
6471}
Original file line number Diff line number Diff line change @@ -24,7 +24,7 @@ dependencies {
2424 // import Log4j's BOM
2525 api platform(' org.apache.logging.log4j:log4j-bom:2.26.0' )
2626 // override Netty (Spring Boot 3.5.14 ships 4.1.132 which is still vulnerable to CVE-2026-41417)
27- api platform(' io.netty:netty-bom:4.1.133 .Final' )
27+ api platform(' io.netty:netty-bom:4.1.134 .Final' )
2828
2929 // define all our dependencies versions
3030 constraints {
@@ -45,6 +45,11 @@ dependencies {
4545
4646 // External dependencies
4747
48+ // override Tomcat (Spring Boot 3.5.14 ships 10.1.54 which is vulnerable to multiple CVEs)
49+ api ' org.apache.tomcat.embed:tomcat-embed-core:10.1.55'
50+ api ' org.apache.tomcat.embed:tomcat-embed-el:10.1.55'
51+ api ' org.apache.tomcat.embed:tomcat-embed-websocket:10.1.55'
52+
4853 api ' org.apiguardian:apiguardian-api:1.1.2'
4954
5055 api ' org.slf4j:slf4j-api:2.0.9'
Original file line number Diff line number Diff line change @@ -78,7 +78,7 @@ dependencies {
7878}
7979
8080// OpenAPI code generation
81- def apiBaseUrl = " https://raw.githubusercontent.com/finos/symphony-api-spec/332b01730c016a26277d89c6525398df20b17613 "
81+ def apiBaseUrl = " https://raw.githubusercontent.com/finos/symphony-api-spec/d369d95254d6df3451d053340b1b25478b95e57b "
8282def generatedFolder = " $buildDir /generated/openapi"
8383def apisToGenerate = [
8484 Agent : ' agent/agent-api-public-deprecated.yaml' ,
Original file line number Diff line number Diff line change @@ -22,5 +22,6 @@ public interface UserDetailMapper {
2222 @ Mapping (target = "userAttributes.instrument" , ignore = true )
2323 @ Mapping (target = "userAttributes.currentKey" , ignore = true )
2424 @ Mapping (target = "userAttributes.previousKey" , ignore = true )
25+ @ Mapping (target = "userAttributes.userMetadata" , ignore = true )
2526 V2UserDetail userDetailToV2UserDetail (UserDetail userDetail );
2627}
You can’t perform that action at this time.
0 commit comments