From 1cdeba08b6706b1388c25ae1b4602ae61b073856 Mon Sep 17 00:00:00 2001
From: binduak <tbindu@thoughtworks.com>
Date: Tue, 5 Dec 2023 14:17:36 +0530
Subject: [PATCH 1/3] Bindu |Fix Critical and High security vulnerabilities
 with the spring boot version

---
 pom.xml | 46 +++++++++++++++++++++++++++++-----------------
 1 file changed, 29 insertions(+), 17 deletions(-)

diff --git a/pom.xml b/pom.xml
index b8c96ab..922a57b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.7.13</version>
+		<version>2.7.18</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
 	<groupId>org.bahmni</groupId>
@@ -15,7 +15,10 @@
 	<description>event-router-service</description>
 	<properties>
 		<java.version>17</java.version>
-		<camel-spring-boot.version>3.20.6</camel-spring-boot.version>
+		<camel-spring-boot.version>3.21.2</camel-spring-boot.version>
+		<grpc.protobuf.version>1.53.0</grpc.protobuf.version>
+		<log4j.slf4j.version>2.17.1</log4j.slf4j.version>
+
 	</properties>
 	<dependencies>
 
@@ -28,10 +31,21 @@
 					<groupId>org.yaml</groupId>
 					<artifactId>snakeyaml</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>org.apache.logging.log4j</groupId>
+					<artifactId>log4j-to-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>ch.qos.logback</groupId>
+					<artifactId>logback-classic</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
-
-		<!-- Lombok dependency -->
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-slf4j-impl</artifactId>
+			<version>${log4j.slf4j.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>org.projectlombok</groupId>
 			<artifactId>lombok</artifactId>
@@ -67,6 +81,17 @@
 		<dependency>
 			<groupId>org.apache.camel.springboot</groupId>
 			<artifactId>camel-google-pubsub-starter</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>io.grpc</groupId>
+					<artifactId>grpc-protobuf</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>io.grpc</groupId>
+			<artifactId>grpc-protobuf</artifactId>
+			<version>${grpc.protobuf.version}</version>
 		</dependency>
 
 		<dependency>
@@ -117,19 +142,6 @@
 				<version>${camel-spring-boot.version}</version>
 				<type>pom</type>
 				<scope>import</scope>
-				<exclusions>
-					<exclusion>
-						<groupId>org.apache.activemq</groupId>
-						<artifactId>activemq-openwire-legacy</artifactId>
-					</exclusion>
-				</exclusions>
-			</dependency>
-			<dependency>
-				<groupId>org.apache.activemq</groupId>
-				<artifactId>activemq-openwire-legacy</artifactId>
-				<version>5.16.7</version>
-				<type>pom</type>
-				<scope>import</scope>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>

From ce13934cc372fbdd2f830233a548d8cff7f44c4c Mon Sep 17 00:00:00 2001
From: binduak <tbindu@thoughtworks.com>
Date: Tue, 5 Dec 2023 14:30:32 +0530
Subject: [PATCH 2/3] Bindu | Update the trivyignore with medium
 vulnerabilities

---
 .trivyignore | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.trivyignore b/.trivyignore
index be8035e..01cb156 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1 +1,4 @@
-CVE-2023-39017
\ No newline at end of file
+# Ignoring the below vulnerabilities, to be reviewed later
+CVE-2023-39017
+CVE-2023-2976 Medium
+CVE-2023-33201 Medium

From 742883a8352ff502a63b387897d562cd77606131 Mon Sep 17 00:00:00 2001
From: Umair Fayaz <59157924+umair-fayaz@users.noreply.github.com>
Date: Tue, 5 Dec 2023 14:33:08 +0530
Subject: [PATCH 3/3] Apply suggestions from code review

---
 .trivyignore | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.trivyignore b/.trivyignore
index 01cb156..6e51a5c 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,4 +1,4 @@
 # Ignoring the below vulnerabilities, to be reviewed later
 CVE-2023-39017
-CVE-2023-2976 Medium
-CVE-2023-33201 Medium
+CVE-2023-2976 #Medium
+CVE-2023-33201 #Medium