## Description > [!TIP] > _Add a TL;DR when the description is longer than 500 words or extremely technical (helps the content, marketing, and DevRel team)._ > > _Please also include relevant motivation and context. List any dependencies that are required for this change. Add links to Notion, Figma or any other documents that might be relevant to the PR._ Fixes CVE-2025-48734 ## Automation /ok-to-test tags="@tag.Sanity" ### 🔍 Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/17723760561> > Commit: d71d66e99980b66d47ed0f29311a62f915b00caf > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17723760561&attempt=4" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Mon, 15 Sep 2025 08:40:18 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [ ] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Upgraded the underlying input validation library to a newer version across server components to incorporate upstream fixes and improvements. * Improves overall stability and security with no expected changes to user-facing behavior. * Ensures continued compatibility with modern environments and reduces maintenance risks. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
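<?xml version="1.0" encoding="UTF-8"?>
<!--
    Maven descriptor for the Appsmith API server module (artifactId 'server'), a child of
    com.appsmith:integrated. Dependencies declared without a <version> rely on versions managed
    outside this file (the parent POM or the BOMs imported under dependencyManagement).
-->
<!--
    The namespace URI below is an identifier and must stay as written. The schema location is only a
    hint for editors and validators; it points at the https copy of the XSD so tools that do fetch it
    do not retrieve it over cleartext HTTP.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>com.appsmith</groupId>
        <artifactId>integrated</artifactId>
        <version>1.0-SNAPSHOT</version>
    </parent>

    <artifactId>server</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>server</name>
    <description>This is the API server for the Appsmith project</description>

    <!--
        Only these two version properties are defined in this file. The other placeholders used below
        (org.pf4j.version, reactor-test.version, mockito.version, mockwebserver.version,
        testcontainers.version) are not defined here and are presumably inherited from the parent POM.
    -->
    <properties>
        <jmh.version>1.35</jmh.version>
        <org.modelmapper.version>2.4.4</org.modelmapper.version>
    </properties>

    <!-- BOM imports: they supply versions for the io.mongock and io.opentelemetry artifacts used below. -->
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>io.mongock</groupId>
                <artifactId>mongock-bom</artifactId>
                <version>5.1.7</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>io.opentelemetry</groupId>
                <artifactId>opentelemetry-bom</artifactId>
                <version>1.43.0</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <dependencies>
        <!--
        Ideally this dependency should have been added in the pom.xml file of GraphQLPlugin module, but it is
        causing 'java.lang.NoClassDefFoundError' error. Hence, adding it here after many attempts of fixing it the right
        way. Somehow adding it here makes it work. GraphQLPlugin module's pom.xml file also has this dependency
        defined with 'provided' scope
        -->
        <dependency>
            <groupId>com.graphql-java</groupId>
            <artifactId>graphql-java</artifactId>
            <version>21.5</version>
            <!--
                The exclusions stop graphql-java from contributing its own copies of logging, Reactor,
                Spring and Jackson artifacts; presumably the versions resolved elsewhere in the build
                are meant to win (confirm with the resolved dependency tree).
            -->
            <exclusions>
                <exclusion>
                    <groupId>org.slf4j</groupId>
                    <artifactId>slf4j-api</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>io.projectreactor</groupId>
                    <artifactId>reactor-core</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-core</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-web</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.reactivestreams</groupId>
                    <artifactId>reactive-streams</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.fasterxml.jackson.core</groupId>
                    <artifactId>*</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-cache</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-oauth2-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-oauth2-jose</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
        </dependency>
        <dependency>
            <groupId>io.projectreactor</groupId>
            <artifactId>reactor-core-micrometer</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-mail</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-mongodb-reactive</artifactId>
        </dependency>
        <!-- need the non-reactive mongodb library also to support mongock: https://www.mongock.io/reactive -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-mongodb</artifactId>
        </dependency>
        <dependency>
            <groupId>io.mongock</groupId>
            <artifactId>mongock-springboot-v3</artifactId>
        </dependency>
        <dependency>
            <!-- remove after mongock-springboot-v3 brings v32.0.1-jre at least -->
            <groupId>com.google.guava</groupId>
            <artifactId>guava</artifactId>
            <version>32.0.1-jre</version>
        </dependency>

        <dependency>
            <groupId>io.mongock</groupId>
            <artifactId>mongodb-reactive-driver</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis-reactive</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-aop</artifactId>
        </dependency>
        <dependency>
            <groupId>com.bucket4j</groupId>
            <artifactId>bucket4j-redis</artifactId>
            <version>8.3.0</version>
        </dependency>
        <dependency>
            <groupId>org.hibernate.validator</groupId>
            <artifactId>hibernate-validator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.glassfish</groupId>
            <artifactId>jakarta.el</artifactId>
            <version>4.0.2</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>com.github.spullara.mustache.java</groupId>
            <artifactId>compiler</artifactId>
            <version>0.9.6</version>
        </dependency>

        <dependency>
            <groupId>de.flapdoodle.embed</groupId>
            <artifactId>de.flapdoodle.embed.mongo</artifactId>
            <version>4.12.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>de.flapdoodle.embed</groupId>
            <artifactId>de.flapdoodle.embed.mongo.spring30x</artifactId>
            <version>4.11.0</version>
            <scope>test</scope>
        </dependency>
        <!--
            Security pin: the commit description gives this version as the fix for CVE-2025-48734.
            That CVE is reported against Apache Commons BeanUtils, which commons-validator brings in
            transitively, so the bump only helps if the resolved commons-beanutils is the fixed one.
            Check with 'mvn dependency:tree -Dincludes=commons-beanutils' that no other dependency
            path (in this module or in the plugin modules) still resolves an older release.
        -->
        <dependency>
            <groupId>commons-validator</groupId>
            <artifactId>commons-validator</artifactId>
            <version>1.10.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>io.micrometer</groupId>
            <artifactId>micrometer-registry-prometheus</artifactId>
        </dependency>
        <!-- https://mvnrepository.com/artifact/io.micrometer/micrometer-tracing-bridge-otel -->
        <dependency>
            <groupId>io.micrometer</groupId>
            <artifactId>micrometer-tracing-bridge-otel</artifactId>
            <version>1.3.5</version>
        </dependency>
        <!--
            The explicit version repeats the one on the opentelemetry-bom import above; the two have
            to be changed together or they can drift apart.
        -->
        <dependency>
            <groupId>io.opentelemetry</groupId>
            <artifactId>opentelemetry-exporter-otlp</artifactId>
            <version>1.43.0</version>
        </dependency>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter-engine</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.awaitility</groupId>
            <artifactId>awaitility</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- Needed for establishing pooled connections to ElastiCache Redis with cluster mode enabled. -->
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-pool2</artifactId>
            <version>2.11.1</version>
            <scope>runtime</scope>
        </dependency>

        <dependency>
            <groupId>org.junit.platform</groupId>
            <artifactId>junit-platform-suite-engine</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- For junit5 parameterised test support -->
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter-params</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- Cryptographic provider with a hand-pinned version: keep it covered by dependency vulnerability scanning. -->
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk18on</artifactId>
            <version>1.78</version>
        </dependency>
        <!-- Only required to run junit5 test from IDE -->
        <dependency>
            <groupId>org.junit.platform</groupId>
            <artifactId>junit-platform-launcher</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- Plugin dependencies -->
        <!-- This has to be declared BEFORE the com.appsmith:interfaces dependency. -->
        <!-- Both pf4j artifacts exclude commons-lang:commons-lang, keeping the legacy 2.x artifact off the classpath. -->
        <dependency>
            <groupId>org.pf4j</groupId>
            <artifactId>pf4j-spring</artifactId>
            <version>0.8.0</version>
            <exclusions>
                <exclusion>
                    <groupId>commons-lang</groupId>
                    <artifactId>commons-lang</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.pf4j</groupId>
            <artifactId>pf4j</artifactId>
            <version>${org.pf4j.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>commons-lang</groupId>
                    <artifactId>commons-lang</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>com.appsmith</groupId>
            <artifactId>appsmith-git</artifactId>
            <version>1.0-SNAPSHOT</version>
        </dependency>

        <!-- Appsmith dependencies -->
        <dependency>
            <groupId>com.appsmith</groupId>
            <artifactId>interfaces</artifactId>
            <version>1.0-SNAPSHOT</version>
        </dependency>

        <dependency>
            <groupId>org.modelmapper</groupId>
            <artifactId>modelmapper</artifactId>
            <version>${org.modelmapper.version}</version>
        </dependency>

        <!-- API documentation dependency -->
        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-starter-webflux-ui</artifactId>
            <version>2.6.0</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <!-- Exclude JUnit 4 -->
                <exclusion>
                    <groupId>junit</groupId>
                    <artifactId>junit</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>io.projectreactor</groupId>
            <artifactId>reactor-test</artifactId>
            <version>${reactor-test.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.segment.analytics.java</groupId>
            <artifactId>analytics</artifactId>
            <version>3.3.1</version>
            <exclusions>
                <exclusion>
                    <groupId>com.squareup.okhttp3</groupId>
                    <artifactId>okhttp</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!--
            https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp
            okhttp is excluded from the Segment analytics client above and declared here directly with
            'provided' scope and no version (presumably managed by the parent POM). The comment that
            used to sit here linked to okio-jvm, which is not the artifact this dependency declares.
        -->
        <dependency>
            <groupId>com.squareup.okhttp3</groupId>
            <artifactId>okhttp</artifactId>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>io.sentry</groupId>
            <artifactId>sentry-spring-boot-starter-jakarta</artifactId>
            <version>6.23.0</version>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-inline</artifactId>
            <version>${mockito.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.jgrapht</groupId>
            <artifactId>jgrapht-core</artifactId>
            <version>1.5.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents.client5</groupId>
            <artifactId>httpclient5</artifactId>
        </dependency>

        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-text</artifactId>
            <version>1.10.0</version>
        </dependency>

        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
            <version>1.17.1</version>
        </dependency>

        <dependency>
            <groupId>com.appsmith</groupId>
            <artifactId>reactiveCaching</artifactId>
            <version>1.0-SNAPSHOT</version>
        </dependency>
        <!--
            NOTE(review): jmh-core has no <scope>, so it defaults to compile scope and is on the
            server's runtime classpath. If the benchmarks live only in test sources, a narrower scope
            would keep it out of the shipped artifact; confirm where the JMH classes are used before
            changing it.
        -->
        <dependency>
            <groupId>org.openjdk.jmh</groupId>
            <artifactId>jmh-core</artifactId>
            <version>${jmh.version}</version>
        </dependency>
        <dependency>
            <groupId>org.openjdk.jmh</groupId>
            <artifactId>jmh-generator-annprocess</artifactId>
            <version>${jmh.version}</version>
            <scope>provided</scope>
        </dependency>
        <!-- https://mvnrepository.com/artifact/com.squareup.okhttp3/mockwebserver3 -->
        <dependency>
            <groupId>com.squareup.okhttp3</groupId>
            <artifactId>mockwebserver3</artifactId>
            <version>${mockwebserver.version}</version>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>com.squareup.okhttp3</groupId>
                    <artifactId>okhttp</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.testcontainers</groupId>
            <artifactId>junit-jupiter</artifactId>
            <version>${testcontainers.version}</version>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>junit</groupId>
                    <artifactId>junit</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!-- We need this dependency only to ensure TestContainers work with JUnit5 -->
        <dependency>
            <groupId>io.quarkus</groupId>
            <artifactId>quarkus-junit4-mock</artifactId>
            <version>2.14.2.Final</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.datatype</groupId>
            <artifactId>jackson-datatype-jsr310</artifactId>
            <version>2.17.0</version>
        </dependency>
    </dependencies>

    <!--
        Extra artifact repositories, both over https and with snapshot resolution disabled. Each
        additional repository is one more source the build will accept artifacts from, so keep the
        list as short as the dependencies above actually require.
    -->
    <repositories>
        <repository>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
        </repository>
        <repository>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <id>jboss-maven2-release-repository</id>
            <name>JBoss Spring Repository</name>
            <url>https://repository.jboss.org/nexus/content/repositories/public/</url>
        </repository>
    </repositories>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>

            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.10.1</version>
                <configuration>
                    <!-- javac's -parameters flag keeps method parameter names in the compiled classes. -->
                    <compilerArgs>
                        <arg>-parameters</arg>
                    </compilerArgs>
                    <source>17</source>
                    <target>17</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>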