diff --git a/etp-backend/deps.edn b/etp-backend/deps.edn
index b27aff076..ee1d950fc 100644
--- a/etp-backend/deps.edn
+++ b/etp-backend/deps.edn
@@ -1,107 +1,108 @@
-{:paths ["src/main/clj"
- "src/main/sql"
- "src/main/resources"]
+{:paths ["src/main/clj"
+ "src/main/sql"
+ "src/main/resources"]
:mvn/repos {"shibboleth" {:url "https://build.shibboleth.net/maven/releases/"}}
- :deps {org.clojure/clojure {:mvn/version "1.10.1"}
- ch.qos.logback/logback-classic {:mvn/version "1.4.11"}
- org.slf4j/log4j-over-slf4j {:mvn/version "1.7.36"}
- flathead/flathead {:mvn/version "0.0.6"}
- integrant/integrant {:mvn/version "0.8.1"}
- hikari-cp/hikari-cp {:mvn/version "2.14.0"}
- org.postgresql/postgresql {:mvn/version "42.6.0"}
- org.clojure/java.jdbc {:mvn/version "0.7.12"}
- org.clojure/data.csv {:mvn/version "1.0.1"}
- http-kit/http-kit {:mvn/version "2.7.0"}
- ring/ring-core {:mvn/version "1.10.0"}
- javax.servlet/servlet-api {:mvn/version "2.5"}
- org.clojure/tools.logging {:mvn/version "1.2.4"}
- prismatic/schema {:mvn/version "1.4.1"}
- metosin/reitit-ring {:mvn/version "0.6.0"}
- metosin/reitit-swagger {:mvn/version "0.6.0"}
- metosin/reitit-swagger-ui {:mvn/version "0.6.0"}
- metosin/reitit-middleware {:mvn/version "0.6.0"}
- metosin/reitit-dev {:mvn/version "0.6.0"}
- metosin/reitit-schema {:mvn/version "0.6.0"}
- metosin/muuntaja {:mvn/version "0.6.8"}
- metosin/jsonista {:mvn/version "0.3.7"}
- metosin/schema-tools {:mvn/version "0.13.1"}
- ;; TODO Spec-tools can be removed when the issue below has been fixed:
- ;; https://github.com/metosin/reitit/issues/355
- metosin/spec-tools {:mvn/version "0.10.6"}
- webjure/jeesql {:mvn/version "0.4.7"}
- clj-http/clj-http {:mvn/version "3.12.3"}
- buddy/buddy-core {:mvn/version "1.11.423"}
- buddy/buddy-sign {:mvn/version "3.5.351"}
- buddy/buddy-hashers {:mvn/version "2.0.167"}
- org.apache.poi/poi {:mvn/version "5.2.3"}
- org.apache.poi/poi-ooxml {:mvn/version "5.2.3"}
- org.apache.pdfbox/pdfbox {:mvn/version "2.0.29"}
- puumerkki/puumerkki {:mvn/version "0.9.2"
- :exclusions [ring/ring
- ring/ring-core
- ring/ring-defaults
- hiccup/hiccup
- clj-http/clj-http
- ring/ring-jetty-adapter
- org.clojure/data.json]}
- org.clojure/core.match {:mvn/version "1.0.1"}
- com.cognitect.aws/api {:mvn/version "0.8.686"}
- com.cognitect.aws/endpoints {:mvn/version "1.1.12.504"}
- com.cognitect.aws/s3 {:mvn/version "848.2.1413.0"}
- de.ubercode.clostache/clostache {:mvn/version "1.4.0"}
- commonmark-hiccup/commonmark-hiccup {:mvn/version "0.3.0"}
+ :deps {org.clojure/clojure {:mvn/version "1.10.1"}
+ ch.qos.logback/logback-classic {:mvn/version "1.4.11"}
+ org.slf4j/log4j-over-slf4j {:mvn/version "1.7.36"}
+ flathead/flathead {:mvn/version "0.0.6"}
+ integrant/integrant {:mvn/version "0.8.1"}
+ hikari-cp/hikari-cp {:mvn/version "2.14.0"}
+ org.postgresql/postgresql {:mvn/version "42.6.0"}
+ org.clojure/java.jdbc {:mvn/version "0.7.12"}
+ org.clojure/data.csv {:mvn/version "1.0.1"}
+ http-kit/http-kit {:mvn/version "2.7.0"}
+ ring/ring-core {:mvn/version "1.10.0"}
+ javax.servlet/servlet-api {:mvn/version "2.5"}
+ org.clojure/tools.logging {:mvn/version "1.2.4"}
+ prismatic/schema {:mvn/version "1.4.1"}
+ metosin/reitit-ring {:mvn/version "0.6.0"}
+ metosin/reitit-swagger {:mvn/version "0.6.0"}
+ metosin/reitit-swagger-ui {:mvn/version "0.6.0"}
+ metosin/reitit-middleware {:mvn/version "0.6.0"}
+ metosin/reitit-dev {:mvn/version "0.6.0"}
+ metosin/reitit-schema {:mvn/version "0.6.0"}
+ metosin/muuntaja {:mvn/version "0.6.8"}
+ metosin/jsonista {:mvn/version "0.3.7"}
+ metosin/schema-tools {:mvn/version "0.13.1"}
+ ;; TODO Spec-tools can be removed when the issue below has been fixed:
+ ;; https://github.com/metosin/reitit/issues/355
+ metosin/spec-tools {:mvn/version "0.10.6"}
+ webjure/jeesql {:mvn/version "0.4.7"}
+ clj-http/clj-http {:mvn/version "3.12.3"}
+ buddy/buddy-core {:mvn/version "1.11.423"}
+ buddy/buddy-sign {:mvn/version "3.5.351"}
+ buddy/buddy-hashers {:mvn/version "2.0.167"}
+ org.apache.poi/poi {:mvn/version "5.2.3"}
+ org.apache.poi/poi-ooxml {:mvn/version "5.2.3"}
+ org.apache.pdfbox/pdfbox {:mvn/version "2.0.29"}
+ puumerkki/puumerkki {:mvn/version "0.9.2"
+ :exclusions [ring/ring
+ ring/ring-core
+ ring/ring-defaults
+ hiccup/hiccup
+ clj-http/clj-http
+ ring/ring-jetty-adapter
+ org.clojure/data.json]}
+ org.clojure/core.match {:mvn/version "1.0.1"}
+ com.cognitect.aws/api {:mvn/version "0.8.686"}
+ com.cognitect.aws/endpoints {:mvn/version "1.1.12.504"}
+ com.cognitect.aws/s3 {:mvn/version "848.2.1413.0"}
+ de.ubercode.clostache/clostache {:mvn/version "1.4.0"}
+ commonmark-hiccup/commonmark-hiccup {:mvn/version "0.3.0"}
- com.openhtmltopdf/openhtmltopdf-pdfbox {:mvn/version "1.0.10"}
- com.openhtmltopdf/openhtmltopdf-slf4j {:mvn/version "1.0.10"}
+ com.openhtmltopdf/openhtmltopdf-pdfbox {:mvn/version "1.0.10"}
+ com.openhtmltopdf/openhtmltopdf-slf4j {:mvn/version "1.0.10"}
- ;; Contains vulnerable version of batik-* libraries, exclude those
- ;; and add direct dependency to newer versions
- com.openhtmltopdf/openhtmltopdf-svg-support
- {:mvn/version "1.0.10"
- :exclusions [org.apache.xmlgraphics/batik-transcoder
- org.apache.xmlgraphics/batik-codec
- org.apache.xmlgraphics/batik-ext]}
- org.apache.xmlgraphics/batik-transcoder {:mvn/version "1.17"}
- org.apache.xmlgraphics/batik-codec {:mvn/version "1.17"}
- org.apache.xmlgraphics/batik-ext {:mvn/version "1.17"}
+ ;; Contains vulnerable version of batik-* libraries, exclude those
+ ;; and add direct dependency to newer versions
+ com.openhtmltopdf/openhtmltopdf-svg-support
+ {:mvn/version "1.0.10"
+ :exclusions [org.apache.xmlgraphics/batik-transcoder
+ org.apache.xmlgraphics/batik-codec
+ org.apache.xmlgraphics/batik-ext]}
+ org.apache.xmlgraphics/batik-transcoder {:mvn/version "1.17"}
+ org.apache.xmlgraphics/batik-codec {:mvn/version "1.17"}
+ org.apache.xmlgraphics/batik-ext {:mvn/version "1.17"}
- ;; Non-alpha version does not support xml namespaces
- org.clojure/data.xml {:mvn/version "0.2.0-alpha8"}
- camel-snake-kebab/camel-snake-kebab {:mvn/version "0.4.3"}
- com.jcraft/jsch {:mvn/version "0.1.55"}
- com.sun.mail/javax.mail {:mvn/version "1.6.2"}
+ ;; Non-alpha version does not support xml namespaces
+ org.clojure/data.xml {:mvn/version "0.2.0-alpha8"}
+ camel-snake-kebab/camel-snake-kebab {:mvn/version "0.4.3"}
+ com.jcraft/jsch {:mvn/version "0.1.55"}
+ com.sun.mail/javax.mail {:mvn/version "1.6.2"}
- org.apache.wss4j/wss4j-ws-security-dom {:mvn/version "3.0.1"}
- org.apache.wss4j/wss4j-ws-security-common {:mvn/version "3.0.1"}
- com.sun.xml.messaging.saaj/saaj-impl {:mvn/version "3.0.2"}
- org.apache.axis/axis {:mvn/version "1.4"}
- commons-io/commons-io {:mvn/version "2.13.0"}
- ;; commons-discovery is needed by some other library dynamically at runtime
- ;; related to suomi.fi-viestit implementation
- commons-discovery/commons-discovery {:mvn/version "0.5"}
- com.sun.xml.ws/webservices-rt {:mvn/version "2.0.1"}
- kovacnica/clojure.network.ip {:mvn/version "0.1.3"}}
- :aliases {:dev {:extra-paths ["src/test/clj"
- "src/test/resources"
- "src/dev/clj"]
- :extra-deps {integrant/repl {:mvn/version "0.3.3"}
- eftest/eftest {:mvn/version "0.6.0"}
- prismatic/schema-generators {:mvn/version "0.1.5"}
- ring/ring-mock {:mvn/version "0.4.0"}
- org.xmlunit/xmlunit-core {:mvn/version "2.9.1"}}
- :jvm-opts ["-Djava.awt.headless=true"]}
- :test {:main-opts ["-e" "(run-tests-and-exit!)" "-A:dev"]}
- :test-ci {:main-opts ["-e" "(run-tests-with-junit-reporter-and-exit!)" "-A:dev"]}
- :coverage {:extra-deps {cloverage/cloverage {:mvn/version "1.2.4"}}
- :main-opts ["-m" "cloverage.coverage -p src/main -s src/test -e solita.etp.api.* -e user"]}
- :jar {:extra-deps {seancorfield/depstar {:mvn/version "1.1.136"}}
- :main-opts ["-m" "hf.depstar.jar" "target/etp-backend.jar"]}
- :uberjar {:extra-deps {uberdeps/uberdeps {:mvn/version "0.1.8"}}
- :main-opts ["-m" "uberdeps.uberjar"]}
- :deploy {:extra-deps {slipset/deps-deploy {:mvn/version "0.2.1"}}
- :main-opts ["-m" "deps-deploy.deps-deploy" "deploy"
- "target/etp-backend.jar"]}
- :outdated {:extra-deps {com.github.liquidz/antq {:mvn/version "2.5.1109"}}
- :main-opts ["-m" "antq.core"]}
- :lint {:extra-deps {clj-kondo/clj-kondo {:mvn/version "2023.09.07"}}
- :main-opts ["-m" "clj-kondo.main" "--lint" "src"]}}}
+ org.apache.wss4j/wss4j-ws-security-dom {:mvn/version "3.0.1"}
+ org.apache.wss4j/wss4j-ws-security-common {:mvn/version "3.0.1"}
+ com.sun.xml.messaging.saaj/saaj-impl {:mvn/version "3.0.2"}
+ org.apache.axis/axis {:mvn/version "1.4"}
+ commons-io/commons-io {:mvn/version "2.13.0"}
+ ;; commons-discovery is needed by some other library dynamically at runtime
+ ;; related to suomi.fi-viestit implementation
+ commons-discovery/commons-discovery {:mvn/version "0.5"}
+ com.sun.xml.ws/webservices-rt {:mvn/version "2.0.1"}
+ kovacnica/clojure.network.ip {:mvn/version "0.1.3"
+ :exclusions [org.clojure/clojurescript]}}
+ :aliases {:dev {:extra-paths ["src/test/clj"
+ "src/test/resources"
+ "src/dev/clj"]
+ :extra-deps {integrant/repl {:mvn/version "0.3.3"}
+ eftest/eftest {:mvn/version "0.6.0"}
+ prismatic/schema-generators {:mvn/version "0.1.5"}
+ ring/ring-mock {:mvn/version "0.4.0"}
+ org.xmlunit/xmlunit-core {:mvn/version "2.9.1"}}
+ :jvm-opts ["-Djava.awt.headless=true"]}
+ :test {:main-opts ["-e" "(run-tests-and-exit!)" "-A:dev"]}
+ :test-ci {:main-opts ["-e" "(run-tests-with-junit-reporter-and-exit!)" "-A:dev"]}
+ :coverage {:extra-deps {cloverage/cloverage {:mvn/version "1.2.4"}}
+ :main-opts ["-m" "cloverage.coverage -p src/main -s src/test -e solita.etp.api.* -e user"]}
+ :jar {:extra-deps {seancorfield/depstar {:mvn/version "1.1.136"}}
+ :main-opts ["-m" "hf.depstar.jar" "target/etp-backend.jar"]}
+ :uberjar {:extra-deps {uberdeps/uberdeps {:mvn/version "0.1.8"}}
+ :main-opts ["-m" "uberdeps.uberjar"]}
+ :deploy {:extra-deps {slipset/deps-deploy {:mvn/version "0.2.1"}}
+ :main-opts ["-m" "deps-deploy.deps-deploy" "deploy"
+ "target/etp-backend.jar"]}
+ :outdated {:extra-deps {com.github.liquidz/antq {:mvn/version "2.5.1109"}}
+ :main-opts ["-m" "antq.core"]}
+ :lint {:extra-deps {clj-kondo/clj-kondo {:mvn/version "2023.09.07"}}
+ :main-opts ["-m" "clj-kondo.main" "--lint" "src"]}}}
diff --git a/etp-backend/nvd_suppressions.xml b/etp-backend/nvd_suppressions.xml
index 267b6cf62..9fa6409ba 100644
--- a/etp-backend/nvd_suppressions.xml
+++ b/etp-backend/nvd_suppressions.xml
@@ -41,6 +41,14 @@
^pkg:maven/org\.apache\.axis/axis@.*$
CVE-2007-2353
+
+
+
+ ^pkg:maven/org\.apache\.axis/axis@.*$
+ CVE-2023-40743
+