From daef57f09de5b868b19a84e74003bea1dcdd1ed0 Mon Sep 17 00:00:00 2001
From: Harshit Kumar <harshit.kumar@traceable.ai>
Date: Mon, 5 Aug 2024 16:43:39 +0530
Subject: [PATCH 1/5] updated framework dep

---
 platform-http-service-framework/build.gradle.kts     | 12 ++++++------
 .../serviceframework/http/HttpHandlerDefinition.java |  4 ++--
 .../http/jetty/JettyHttpServerBuilder.java           |  4 ++--
 platform-metrics/build.gradle.kts                    | 12 ++++++------
 platform-service-framework/build.gradle.kts          |  8 +++-----
 .../core/serviceframework/PlatformService.java       |  6 +++---
 .../service/servlets/HealthCheckServlet.java         |  6 +++---
 .../service/servlets/JVMDiagnosticServlet.java       |  8 ++++----
 8 files changed, 29 insertions(+), 31 deletions(-)

diff --git a/platform-http-service-framework/build.gradle.kts b/platform-http-service-framework/build.gradle.kts
index 6de765c..b9ac362 100644
--- a/platform-http-service-framework/build.gradle.kts
+++ b/platform-http-service-framework/build.gradle.kts
@@ -7,17 +7,17 @@ dependencies {
   api(project(":platform-service-framework"))
   api("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.4")
   api("com.typesafe:config:1.4.2")
-  api("javax.servlet:javax.servlet-api:4.0.1")
-  api("com.google.inject:guice:5.1.0")
+  api("jakarta.servlet:jakarta.servlet-api:6.0.0")
+  api("com.google.inject:guice:7.0.0")
   api(project(":service-framework-spi"))
 
   implementation(project(":platform-metrics"))
   implementation("org.slf4j:slf4j-api:1.7.36")
-  implementation("com.google.inject.extensions:guice-servlet:5.1.0")
+  implementation("com.google.inject.extensions:guice-servlet:7.0.0")
   implementation("com.google.guava:guava:31.1-jre")
-  implementation("org.eclipse.jetty:jetty-servlet:9.4.53.v20231009")
-  implementation("org.eclipse.jetty:jetty-server:9.4.53.v20231009")
-  implementation("org.eclipse.jetty:jetty-servlets:9.4.53.v20231009")
+  implementation("org.eclipse.jetty:jetty-servlet:11.0.0")
+  implementation("org.eclipse.jetty:jetty-server:11.0.0")
+  implementation("org.eclipse.jetty:jetty-servlets:11.0.0")
 
   annotationProcessor("org.projectlombok:lombok:1.18.24")
   compileOnly("org.projectlombok:lombok:1.18.24")
diff --git a/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/HttpHandlerDefinition.java b/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/HttpHandlerDefinition.java
index 732decb..cb20ad8 100644
--- a/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/HttpHandlerDefinition.java
+++ b/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/HttpHandlerDefinition.java
@@ -1,10 +1,10 @@
 package org.hypertrace.core.serviceframework.http;
 
 import com.google.inject.Injector;
+import jakarta.servlet.MultipartConfigElement;
+import jakarta.servlet.Servlet;
 import java.util.List;
 import java.util.Map;
-import javax.servlet.MultipartConfigElement;
-import javax.servlet.Servlet;
 import lombok.Builder;
 import lombok.Singular;
 import lombok.Value;
diff --git a/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/jetty/JettyHttpServerBuilder.java b/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/jetty/JettyHttpServerBuilder.java
index b153498..9bc4293 100644
--- a/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/jetty/JettyHttpServerBuilder.java
+++ b/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/jetty/JettyHttpServerBuilder.java
@@ -6,6 +6,8 @@
 
 import com.google.inject.Injector;
 import com.google.inject.servlet.GuiceFilter;
+import jakarta.servlet.DispatcherType;
+import jakarta.servlet.ServletContextListener;
 import java.nio.file.Path;
 import java.util.EnumSet;
 import java.util.LinkedList;
@@ -15,8 +17,6 @@
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import javax.annotation.Nullable;
-import javax.servlet.DispatcherType;
-import javax.servlet.ServletContextListener;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Handler;
 import org.eclipse.jetty.server.HttpConfiguration;
diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts
index dd20c7c..d07e9f9 100644
--- a/platform-metrics/build.gradle.kts
+++ b/platform-metrics/build.gradle.kts
@@ -11,19 +11,19 @@ tasks.test {
 
 dependencies {
   api("com.typesafe:config:1.4.2")
-  api("io.dropwizard.metrics:metrics-core:4.2.16")
+  api("io.dropwizard.metrics:metrics-jakarta-servlet:4.2.25")
   api("io.micrometer:micrometer-core:1.10.2")
-  api("javax.servlet:javax.servlet-api:3.1.0")
+  api("jakarta.servlet:jakarta.servlet-api:6.0.0")
 
   implementation("io.micrometer:micrometer-registry-prometheus:1.10.2")
 
   implementation("io.github.mweirauch:micrometer-jvm-extras:0.2.2")
   implementation("org.slf4j:slf4j-api:1.7.36")
   implementation("io.dropwizard.metrics:metrics-jvm:4.2.16")
-  implementation("io.prometheus:simpleclient_dropwizard:0.12.0")
-  implementation("io.prometheus:simpleclient_servlet:0.12.0")
-  implementation("io.prometheus:simpleclient_pushgateway:0.12.0")
-  implementation("org.eclipse.jetty:jetty-servlet:9.4.53.v20231009")
+  implementation("io.prometheus:simpleclient_dropwizard:0.16.0")
+  implementation("io.prometheus:simpleclient_servlet_jakarta:0.16.0")
+  implementation("io.prometheus:simpleclient_pushgateway:0.16.0")
+  implementation("org.eclipse.jetty:jetty-servlet:11.0.0")
   implementation("com.google.guava:guava:32.0.1-jre")
 
   compileOnly("com.github.ben-manes.caffeine:caffeine:3.1.8")
diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts
index ca663f3..c565120 100644
--- a/platform-service-framework/build.gradle.kts
+++ b/platform-service-framework/build.gradle.kts
@@ -18,11 +18,11 @@ dependencies {
   api("com.typesafe:config:1.4.2")
 
   // Use for thread dump servlet
-  implementation("io.dropwizard.metrics:metrics-servlets:4.2.16")
-  implementation("org.eclipse.jetty:jetty-servlet:9.4.53.v20231009")
+  implementation("io.dropwizard.metrics:metrics-jakarta-servlets:4.2.25")
+  implementation("org.eclipse.jetty:jetty-servlet:11.0.0")
 
   // Use for metrics servlet
-  implementation("io.prometheus:simpleclient_servlet:0.12.0")
+  implementation("io.prometheus:simpleclient_servlet_jakarta:0.16.0")
 
   // http client
   implementation("org.apache.httpcomponents:httpclient:4.5.13")
@@ -36,6 +36,4 @@ dependencies {
   testImplementation("org.apache.logging.log4j:log4j-slf4j-impl:2.19.0")
   testImplementation("org.junit.jupiter:junit-jupiter:5.9.0")
   testImplementation("org.mockito:mockito-core:4.8.0")
-  testImplementation("org.eclipse.jetty:jetty-servlet:9.4.53.v20231009:tests")
-  testImplementation("org.eclipse.jetty:jetty-http:9.4.53.v20231009:tests")
 }
diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/PlatformService.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/PlatformService.java
index c14356b..c5ef331 100644
--- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/PlatformService.java
+++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/PlatformService.java
@@ -1,10 +1,10 @@
 package org.hypertrace.core.serviceframework;
 
-import com.codahale.metrics.servlets.CpuProfileServlet;
-import com.codahale.metrics.servlets.ThreadDumpServlet;
 import com.typesafe.config.Config;
 import com.typesafe.config.ConfigFactory;
-import io.prometheus.client.exporter.MetricsServlet;
+import io.dropwizard.metrics.servlets.CpuProfileServlet;
+import io.dropwizard.metrics.servlets.ThreadDumpServlet;
+import io.prometheus.client.servlet.jakarta.exporter.MetricsServlet;
 import java.net.InetAddress;
 import java.net.ServerSocket;
 import java.net.UnknownHostException;
diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/HealthCheckServlet.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/HealthCheckServlet.java
index dd89551..1ef918d 100644
--- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/HealthCheckServlet.java
+++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/HealthCheckServlet.java
@@ -1,9 +1,9 @@
 package org.hypertrace.core.serviceframework.service.servlets;
 
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import org.hypertrace.core.serviceframework.PlatformService;
 
 public class HealthCheckServlet extends HttpServlet {
diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/JVMDiagnosticServlet.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/JVMDiagnosticServlet.java
index fbf1043..8d8bcf5 100644
--- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/JVMDiagnosticServlet.java
+++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/JVMDiagnosticServlet.java
@@ -1,15 +1,15 @@
 package org.hypertrace.core.serviceframework.service.servlets;
 
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.lang.management.ManagementFactory;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Map.Entry;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import org.hypertrace.core.serviceframework.jvm.JVMDiagnosticCommand;
 import org.hypertrace.core.serviceframework.jvm.JVMDiagnosticCommand.Op;
 

From 87ecd6036494058dade0bb4f57dcd77d30f12ab3 Mon Sep 17 00:00:00 2001
From: Harshit Kumar <harshit.kumar@traceable.ai>
Date: Fri, 22 Nov 2024 15:21:56 +0530
Subject: [PATCH 2/5] bump version

---
 platform-http-service-framework/build.gradle.kts | 6 +++---
 platform-metrics/build.gradle.kts                | 2 +-
 platform-service-framework/build.gradle.kts      | 4 +---
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/platform-http-service-framework/build.gradle.kts b/platform-http-service-framework/build.gradle.kts
index cd0dd1d..a5ecb94 100644
--- a/platform-http-service-framework/build.gradle.kts
+++ b/platform-http-service-framework/build.gradle.kts
@@ -15,9 +15,9 @@ dependencies {
   implementation("org.slf4j:slf4j-api:1.7.36")
   implementation("com.google.inject.extensions:guice-servlet:7.0.0")
   implementation("com.google.guava:guava:31.1-jre")
-  implementation("org.eclipse.jetty:jetty-servlet:11.0.0")
-  implementation("org.eclipse.jetty:jetty-server:11.0.0")
-  implementation("org.eclipse.jetty:jetty-servlets:11.0.0")
+  implementation("org.eclipse.jetty:jetty-servlet:11.0.20")
+  implementation("org.eclipse.jetty:jetty-server:11.0.20")
+  implementation("org.eclipse.jetty:jetty-servlets:11.0.20")
   annotationProcessor("org.projectlombok:lombok:1.18.24")
   compileOnly("org.projectlombok:lombok:1.18.24")
 }
diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts
index d07e9f9..dcb56fa 100644
--- a/platform-metrics/build.gradle.kts
+++ b/platform-metrics/build.gradle.kts
@@ -23,7 +23,7 @@ dependencies {
   implementation("io.prometheus:simpleclient_dropwizard:0.16.0")
   implementation("io.prometheus:simpleclient_servlet_jakarta:0.16.0")
   implementation("io.prometheus:simpleclient_pushgateway:0.16.0")
-  implementation("org.eclipse.jetty:jetty-servlet:11.0.0")
+  implementation("org.eclipse.jetty:jetty-servlet:11.0.20")
   implementation("com.google.guava:guava:32.0.1-jre")
 
   compileOnly("com.github.ben-manes.caffeine:caffeine:3.1.8")
diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts
index 9cbab9f..e0acc68 100644
--- a/platform-service-framework/build.gradle.kts
+++ b/platform-service-framework/build.gradle.kts
@@ -19,7 +19,7 @@ dependencies {
 
   // Use for thread dump servlet
   implementation("io.dropwizard.metrics:metrics-jakarta-servlets:4.2.25")
-  implementation("org.eclipse.jetty:jetty-servlet:11.0.0")
+  implementation("org.eclipse.jetty:jetty-servlet:11.0.20")
 
   // Use for metrics servlet
   implementation("io.prometheus:simpleclient_servlet_jakarta:0.16.0")
@@ -36,6 +36,4 @@ dependencies {
   testImplementation("org.apache.logging.log4j:log4j-slf4j-impl:2.19.0")
   testImplementation("org.junit.jupiter:junit-jupiter:5.9.0")
   testImplementation("org.mockito:mockito-core:4.8.0")
-  testImplementation("org.eclipse.jetty:jetty-servlet:9.4.56.v20240826:tests")
-  testImplementation("org.eclipse.jetty:jetty-http:9.4.56.v20240826:tests")
 }

From 82d930e020edf577f2ebde0cf9cc270c0d93a9c6 Mon Sep 17 00:00:00 2001
From: Harshit Kumar <harshit.kumar@traceable.ai>
Date: Sun, 22 Dec 2024 12:42:28 +0530
Subject: [PATCH 3/5] test suppression

---
 owasp-suppressions.xml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
index 3c51e4c..daa2535 100644
--- a/owasp-suppressions.xml
+++ b/owasp-suppressions.xml
@@ -1,3 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+  <suppress until="2025-01-31Z">
+    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@11.0.20$
+    </packageUrl>
+    <vulnerabilityName>CVE-2024-6763</vulnerabilityName>
+    <vulnerabilityName>CVE-2024-8184</vulnerabilityName>
+  </suppress>
 </suppressions> 

From 365448a111a519d9790575555a7bf26527f20c7c Mon Sep 17 00:00:00 2001
From: Harshit Kumar <harshit.kumar@traceable.ai>
Date: Sun, 22 Dec 2024 12:58:49 +0530
Subject: [PATCH 4/5] revert suppression test

---
 owasp-suppressions.xml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
index daa2535..3c51e4c 100644
--- a/owasp-suppressions.xml
+++ b/owasp-suppressions.xml
@@ -1,9 +1,3 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-  <suppress until="2025-01-31Z">
-    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@11.0.20$
-    </packageUrl>
-    <vulnerabilityName>CVE-2024-6763</vulnerabilityName>
-    <vulnerabilityName>CVE-2024-8184</vulnerabilityName>
-  </suppress>
 </suppressions> 

From e577182f75c164be8b0ba3a90a81709d9ff0fab9 Mon Sep 17 00:00:00 2001
From: Harshit Kumar <harshit.kumar@traceable.ai>
Date: Sun, 22 Dec 2024 13:50:06 +0530
Subject: [PATCH 5/5] test suppression

---
 owasp-suppressions.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
index 3c51e4c..a931e5c 100644
--- a/owasp-suppressions.xml
+++ b/owasp-suppressions.xml
@@ -1,3 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+  <suppress>
+    <notes><![CDATA[
+   file name: jetty-http-11.0.20.jar
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-.*@.*$</packageUrl>
+    <cve>CVE-2024-8184</cve>
+    <cve>CVE-2024-6763</cve>
+  </suppress>
 </suppressions>