Upgrade to spring boot 3.4 (#11318)

* upgrade to spring boot 3.4

* fix critical and high vulnerabilities

* fix vulnerability with commons-io

* fix mysql connector vulnerability

* fix security integration tests

* add back test scopes

* remove conflicting dependencies

---------

Co-authored-by: Bryan Lai <[email protected]>

Author: gblaih

pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.1.4</version>
+		<version>3.4.1</version>
 	</parent>
 
 	<groupId>org.cbioportal</groupId>
@@ -38,6 +38,7 @@
 
 		<jackson.version>2.12.5</jackson.version>
 		<mysql-connector.version>8.0.28</mysql-connector.version>
+        <mysql.version>8.2.0</mysql.version>
 		<springfox.version>3.0.0</springfox.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
@@ -72,14 +73,14 @@
 
 		<!-- Unknown -->
 		<io.swagger.version>1.6.3</io.swagger.version>
-		<mybatis.starter.version>3.0.2</mybatis.starter.version>
+		<mybatis.starter.version>3.0.4</mybatis.starter.version>
 		<testcontainers.version>1.19.4</testcontainers.version>
 		<mockserver.version>5.15.0</mockserver.version>
 		<opensaml.version>4.1.1</opensaml.version>
 
 
 		<!-- Third Party -->
-		<redisson.version>3.13.2</redisson.version>
+		<redisson.version>3.22.0</redisson.version>
 		<commons-math3.version>3.6.1</commons-math3.version>
 		<springdoc.version>2.2.0</springdoc.version>
 		<apache-commons-collections.version>4.4</apache-commons-collections.version>
@@ -93,13 +94,12 @@
 		<json_simple.version>1.1.1</json_simple.version>
 		<mongo_java_driver.version>3.12.14</mongo_java_driver.version>
 		<datumbox.version>0.8.2</datumbox.version>
-		<mysql_driver.version>8.0.33</mysql_driver.version>
 		<dasniko-testcontainer-keycloak.version>3.2.0</dasniko-testcontainer-keycloak.version>
 		<selenium_chrome_driver.version>3.14.0</selenium_chrome_driver.version>
         <selenium.version>4.17.0</selenium.version>
 		<sentry.version>7.1.0</sentry.version>
-        <apache_httpclient.version>5.2.1</apache_httpclient.version>
         <clickhouse_testcontainer.version>1.19.7</clickhouse_testcontainer.version>
+        <bouncy_castle.version>1.78</bouncy_castle.version>
 
 
 		<!-- No sure what these are for -->
@@ -211,6 +211,12 @@
 			<groupId>com.github.romain-warnan</groupId>
 			<artifactId>simple-java-bitly</artifactId>
 			<version>${simple_java_bitly.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpclient</artifactId>
+                </exclusion>
+            </exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.ehcache</groupId>
@@ -249,11 +255,11 @@
             <artifactId>jwks-rsa</artifactId>
             <version>0.22.1</version>
         </dependency>
-		<dependency>
-			<groupId>mysql</groupId>
-			<artifactId>mysql-connector-java</artifactId>
-			<version>${mysql_driver.version}</version>
-		</dependency>
+        <dependency>
+            <groupId>com.mysql</groupId>
+            <artifactId>mysql-connector-j</artifactId>
+            <version>${mysql.version}</version>
+        </dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-thymeleaf</artifactId>
@@ -351,7 +357,6 @@
         <dependency>
             <groupId>org.apache.httpcomponents.client5</groupId>
             <artifactId>httpclient5</artifactId>
-            <version>${apache_httpclient.version}</version>
             <scope>test</scope>
         </dependency>
 

src/main/resources/org/cbioportal/persistence/mybatis/ClinicalEventMapper.xml

@@ -228,9 +228,9 @@
                         clinical_event.EVENT_TYPE = #{element.eventType}
                     </if>
                     <if test="element.attributes != null and !element.attributes.isEmpty()">
-                        (clinical_event.EVENT_TYPE, clinical_event_data.KEY, clinical_event_data.VALUE) IN
+                        (CONCAT(clinical_event.EVENT_TYPE, '_', clinical_event_data.KEY, '_', clinical_event_data.VALUE)) IN
                         <foreach item="attribute" collection="element.attributes" open="(" separator="," close=")">
-                            (#{element.eventType}, #{attribute.key}, #{attribute.value})
+                            CONCAT(#{element.eventType}, '_', #{attribute.key}, '_', #{attribute.value})
                         </foreach>
                     </if>
                 </foreach>
@@ -291,9 +291,9 @@
                         clinical_event.EVENT_TYPE = #{element.eventType}
                     </if>
                     <if test="element.attributes != null and !element.attributes.isEmpty()">
-                        (clinical_event.EVENT_TYPE, clinical_event_data.KEY) IN
+                        (CONCAT(clinical_event.EVENT_TYPE, '_', clinical_event_data.KEY)) IN
                         <foreach item="attribute" collection="element.attributes" open="(" separator="," close=")">
-                            (#{element.eventType}, #{attribute.key})
+                            CONCAT(#{element.eventType}, '_', #{attribute.key})
                         </foreach>
                     </if>
                 </foreach>

src/test/java/org/cbioportal/persistence/mybatis/CopyNumberSegmentMyBatisRepositoryTest.java

@@ -181,16 +181,16 @@ public void fetchCopyNumberSegments() throws Exception {
             studyIds, sampleIds, "3", "SUMMARY");
 
         Assert.assertEquals(3, result0.size());
-        Assert.assertEquals("TCGA-A1-B0SO-01", result0.get(0).getSampleStableId());
+        Assert.assertEquals("TCGA-A1-A0SB-01", result0.get(0).getSampleStableId());
         Assert.assertEquals("TCGA-A1-A0SB-01", result0.get(1).getSampleStableId());
-        Assert.assertEquals("TCGA-A1-A0SB-01", result0.get(2).getSampleStableId());
+        Assert.assertEquals("TCGA-A1-B0SO-01", result0.get(2).getSampleStableId());
 
         Assert.assertEquals(1, result1.size());
         Assert.assertEquals("TCGA-A1-A0SB-01", result1.get(0).getSampleStableId());
 
         Assert.assertEquals(2, result2.size());
-        Assert.assertEquals("TCGA-A1-B0SO-01", result2.get(0).getSampleStableId());
-        Assert.assertEquals("TCGA-A1-A0SB-01", result2.get(1).getSampleStableId());
+        Assert.assertEquals("TCGA-A1-A0SB-01", result2.get(0).getSampleStableId());
+        Assert.assertEquals("TCGA-A1-B0SO-01", result2.get(1).getSampleStableId());
 
         Assert.assertEquals(0, result3.size());
     }

src/test/java/org/cbioportal/persistence/util/fakeclient/MockInMemoryRedissonClient.java

@@ -4,6 +4,7 @@
 import org.redisson.api.redisnode.BaseRedisNodes;
 import org.redisson.api.redisnode.RedisNodes;
 import org.redisson.client.codec.Codec;
+import org.redisson.codec.JsonCodec;
 import org.redisson.config.Config;
 
 import java.util.concurrent.ConcurrentHashMap;
@@ -32,12 +33,12 @@ public RKeys getKeys() {
     }
 
     @Override
-    public <V> RTimeSeries<V> getTimeSeries(String s) {
+    public <V, L> RTimeSeries<V, L> getTimeSeries(String s) {
         throw new UnsupportedOperationException(); 
     }
 
     @Override
-    public <V> RTimeSeries<V> getTimeSeries(String s, Codec codec) {
+    public <V, L> RTimeSeries<V, L> getTimeSeries(String s, Codec codec) {
         throw new UnsupportedOperationException(); 
     }
 
@@ -51,6 +52,16 @@ public <K, V> RStream<K, V> getStream(String s, Codec codec) {
         throw new UnsupportedOperationException(); 
     }
 
+    @Override
+    public RSearch getSearch() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public RSearch getSearch(Codec codec) {
+        throw new UnsupportedOperationException();
+    }
+
     @Override
     public RRateLimiter getRateLimiter(String s) {
         throw new UnsupportedOperationException(); 
@@ -116,6 +127,11 @@ public RBuckets getBuckets(Codec codec) {
         throw new UnsupportedOperationException(); 
     }
 
+    @Override
+    public <V> RJsonBucket<V> getJsonBucket(String name, JsonCodec<V> codec) {
+        throw new UnsupportedOperationException();
+    }
+
     @Override
     public <V> RHyperLogLog<V> getHyperLogLog(String s) {
         throw new UnsupportedOperationException(); 
@@ -221,6 +237,21 @@ public RLock getLock(String s) {
         throw new UnsupportedOperationException(); 
     }
 
+    @Override
+    public RLock getSpinLock(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public RLock getSpinLock(String s, LockOptions.BackOff backOff) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public RFencedLock getFencedLock(String s) {
+        throw new UnsupportedOperationException();
+    }
+
     @Override
     public RLock getMultiLock(RLock... rLocks) {
         throw new UnsupportedOperationException(); 
@@ -281,6 +312,16 @@ public RLexSortedSet getLexSortedSet(String s) {
         throw new UnsupportedOperationException(); 
     }
 
+    @Override
+    public RShardedTopic getShardedTopic(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public RShardedTopic getShardedTopic(String s, Codec codec) {
+        throw new UnsupportedOperationException();
+    }
+
     @Override
     public RTopic getTopic(String s) {
         throw new UnsupportedOperationException(); 
@@ -291,6 +332,16 @@ public RTopic getTopic(String s, Codec codec) {
         throw new UnsupportedOperationException(); 
     }
 
+    @Override
+    public RReliableTopic getReliableTopic(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public RReliableTopic getReliableTopic(String s, Codec codec) {
+        throw new UnsupportedOperationException();
+    }
+
     @Override
     public RPatternTopic getPatternTopic(String s) {
         throw new UnsupportedOperationException(); 
@@ -456,6 +507,21 @@ public <V> RBloomFilter<V> getBloomFilter(String s, Codec codec) {
         throw new UnsupportedOperationException(); 
     }
 
+    @Override
+    public RIdGenerator getIdGenerator(String s) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public RFunction getFunction() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public RFunction getFunction(Codec codec) {
+        throw new UnsupportedOperationException();
+    }
+
     @Override
     public RScript getScript() {
         throw new UnsupportedOperationException(); 
@@ -526,6 +592,16 @@ public RLiveObjectService getLiveObjectService() {
         throw new UnsupportedOperationException(); 
     }
 
+    @Override
+    public RedissonRxClient rxJava() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public RedissonReactiveClient reactive() {
+        throw new UnsupportedOperationException();
+    }
+
     @Override
     public void shutdown() {