update dependencies (#29)

build.gradle

@@ -3,14 +3,14 @@ import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask
 plugins {
     id 'org.springframework.boot' version "${springBootVersion}"
     id 'java'
-    id "org.cyclonedx.bom" version "1.7.4"
-    id "org.owasp.dependencycheck" version "8.4.0"
-    id "com.github.ben-manes.versions" version "0.49.0"
+    id "org.cyclonedx.bom" version "1.10.0"
+    id "org.owasp.dependencycheck" version "11.1.0"
+    id "com.github.ben-manes.versions" version "0.51.0"
 }
 apply plugin: 'io.spring.dependency-management'
 
 group 'de.novatec'
-version '2.2'
+version '2.3'
 
 java {
     sourceCompatibility = '17'
@@ -28,31 +28,23 @@ test {
 // current version due to existing CVEs.
 // According to https://github.com/spring-projects/spring-boot/issues/34405
 // this is a safe
-ext['snakeyaml.version'] = '2.0'
+ext['snakeyaml.version'] = '2.3'
 
 dependencies {
-    annotationProcessor(
-            "org.projectlombok:lombok"
-    )
-
-    compileOnly(
-            "org.projectlombok:lombok"
-    )
+    annotationProcessor("org.projectlombok:lombok:${lombokVersion}")
+    compileOnly("org.projectlombok:lombok:${lombokVersion}")
 
     implementation(
             "org.springframework.boot:spring-boot-starter-web",
             "org.springframework.boot:spring-boot-starter-actuator",
             "org.hibernate.validator:hibernate-validator",
-            "org.apache.commons:commons-math3:3.6.1",
-            "org.apache.commons:commons-text:1.10.0",
+            "org.apache.commons:commons-math3:${commonsMath3Version}",
+            "org.apache.commons:commons-text:${commonsTextVersion}",
 
-            // If indluxdb-java is updated, check new version of the transitive dependency okio-jvm
-            // If there is a higher new version, remove the dependency override of okio-jvm
             "org.influxdb:influxdb-java:${influxdbJavaVersion}",
-            // Override transitive dependency with newer version, due to security concerns
-            "com.squareup.okio:okio-jvm:${okioJvmVersion}"
     )
     testImplementation(
+            "org.springframework.boot:spring-boot-starter-test",
             "org.junit.jupiter:junit-jupiter",
             "org.assertj:assertj-core"
     )
@@ -66,6 +58,10 @@ dependencyCheck {
             enabled = true
         }
     }
+    nvd {
+        apiKey = System.getenv("NVD_API_TOKEN")
+        delay = 10000
+    }
 }
 
 def isNonStable = { String candidate ->

gradle.properties

@@ -1,7 +1,9 @@
 # Spring Boot
-springBootVersion=3.1.4
+springBootVersion=3.3.5
 
-# If indluxdb-java is updated, check new version of the transitive dependency okio-jvm
-# If there is a higher new version, remove the dependency override of okio-jvm
-influxdbJavaVersion=2.23
-okioJvmVersion=3.5.0
+influxdbJavaVersion=2.24
+
+commonsMath3Version=3.6.1
+commonsTextVersion=1.12.0
+
+lombokVersion=1.18.36

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
 networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

src/test/java/de/novatec/baselining/ApplicationTest.java

@@ -0,0 +1,13 @@
+package de.novatec.baselining;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+public class ApplicationTest {
+
+    @Test
+    void contextLoads() {
+        System.out.println("Spring context loads");
+    }
+}