CDPS-1054: Dependencies updated to resolve security vulnerabilities. (#5)

Author: mtac50

.github/workflows/security_owasp.yml

@@ -8,5 +8,5 @@ jobs:
     name: Kotlin security OWASP dependency check
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_owasp.yml@v0.7 # WORKFLOW_VERSION
     with:
-      channel_id: C04JFG3QJE6
+      channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit

.github/workflows/security_trivy.yml

@@ -8,5 +8,5 @@ jobs:
     name: Project security trivy dependency check
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v0.7 # WORKFLOW_VERSION
     with:
-      channel_id: C04JFG3QJE6
+      channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit

.github/workflows/security_veracode_pipeline_scan.yml

@@ -8,5 +8,5 @@ jobs:
     name: Project security veracode pipeline scan
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_pipeline_scan.yml@v0.7 # WORKFLOW_VERSION
     with:
-      channel_id: C04JFG3QJE6
+      channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit

.github/workflows/security_veracode_policy_scan.yml

@@ -8,5 +8,5 @@ jobs:
     name: Project security veracode policy scan
     uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_policy_scan.yml@v0.7 # WORKFLOW_VERSION
     with:
-      channel_id: C04JFG3QJE6
+      channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit

build.gradle.kts

@@ -1,20 +1,20 @@
 plugins {
-  id("uk.gov.justice.hmpps.gradle-spring-boot") version "6.0.6"
-  kotlin("plugin.spring") version "2.0.20"
+  id("uk.gov.justice.hmpps.gradle-spring-boot") version "6.0.9"
+  kotlin("plugin.spring") version "2.0.21"
 }
 
 configurations {
   testImplementation { exclude(group = "org.junit.vintage") }
 }
 
 dependencies {
-  implementation("uk.gov.justice.service.hmpps:hmpps-kotlin-spring-boot-starter:1.0.7")
+  implementation("uk.gov.justice.service.hmpps:hmpps-kotlin-spring-boot-starter:1.0.8")
   implementation("org.springframework.boot:spring-boot-starter-webflux")
   implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0")
 
-  testImplementation("uk.gov.justice.service.hmpps:hmpps-kotlin-spring-boot-starter-test:1.0.7")
+  testImplementation("uk.gov.justice.service.hmpps:hmpps-kotlin-spring-boot-starter-test:1.0.8")
   testImplementation("org.wiremock:wiremock-standalone:3.9.1")
-  testImplementation("io.swagger.parser.v3:swagger-parser:2.1.22") {
+  testImplementation("io.swagger.parser.v3:swagger-parser:2.1.24") {
     exclude(group = "io.swagger.core.v3")
   }
 }

helm_deploy/hmpps-person-integration-api/Chart.yaml

@@ -5,8 +5,8 @@ name: hmpps-person-integration-api
 version: 0.2.0
 dependencies:
   - name: generic-service
-    version: "3.6"
+    version: "3.7"
     repository: https://ministryofjustice.github.io/hmpps-helm-charts
   - name: generic-prometheus-alerts
-    version: "1.10"
+    version: "1.11"
     repository: https://ministryofjustice.github.io/hmpps-helm-charts