diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e510bc04..b2cbe984 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -26,7 +26,7 @@ jobs:
TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
quality_checks:
- uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2b3ddfd1e59daf9905522d0140c6cd08e2547432
+ uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2fe6bc6cd974efb4d55a2a7b665385f7a2d28950
needs: [get_asdf_version]
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 39b8a42e..8a0ef89e 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -32,7 +32,7 @@ jobs:
TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
quality_checks:
- uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2b3ddfd1e59daf9905522d0140c6cd08e2547432
+ uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2fe6bc6cd974efb4d55a2a7b665385f7a2d28950
needs: [get_asdf_version]
with:
asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b71ee8e2..74a48f13 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
quality_checks:
- uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2b3ddfd1e59daf9905522d0140c6cd08e2547432
+ uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@2fe6bc6cd974efb4d55a2a7b665385f7a2d28950
needs: [get_asdf_version]
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000..9e997747
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,20 @@
+# various vulnerabilities due to running an old version of hapi-fhir
+CVE-2023-24057
+CVE-2023-28465
+CVE-2024-51132
+CVE-2024-55887
+CVE-2022-42889
+CVE-2024-45294
+CVE-2024-52007
+CVE-2024-45294
+CVE-2024-52007
+CVE-2024-45294
+CVE-2024-52007
+CVE-2024-45294
+CVE-2024-52007
+CVE-2024-45294
+CVE-2024-52007
+CVE-2021-35515
+CVE-2021-35516
+CVE-2021-35517
+CVE-2021-36090
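Review bot: In the new `.trivyignore`, CVE-2024-45294 and CVE-2024-52007 are each listed five times, and the single header comment is the only justification for all twenty lines. A plain `.trivyignore` entry suppresses that ID for every package and scan target, so one line per ID is enough and the repeats can be dropped. The comment attributes everything to an old hapi-fhir, but CVE-2022-42889 is the Apache Commons Text interpolation issue, and CVE-2021-35515, CVE-2021-35516, CVE-2021-35517 and CVE-2021-36090 are Apache Commons Compress. These are presumably transitive dependencies, and each deserves its own comment saying why it is not reachable or when it will be upgraded. Consider giving every entry an expiry so the suppression is revisited rather than permanent, for example a comment line `# commons-text, transitive via <dependency>; tracked in <ticket>` above `CVE-2022-42889 exp:YYYY-MM-DD`.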
diff --git a/Makefile b/Makefile
index 83ae02c1..4a391b6a 100644
--- a/Makefile
+++ b/Makefile
@@ -33,13 +33,9 @@ lint-githubaction-scripts:
test: download-dependencies
mvn test
-check-licenses: check-licenses-python check-licenses-java
-
-check-licenses-python:
- scripts/check_python_licenses.sh
-
-check-licenses-java:
- mvn validate
+check-licenses:
+ echo "not implemented from console"
+ exit 1
show-unused-dependencies:
mvn dependency:analyze
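Review bot: The new `check-licenses` stub fails without telling the developer where the licence check now runs, and `not implemented from console` reads like an unfinished feature rather than a deliberate move. From the `trivy.yaml` added in this commit, the check presumably now lives in the shared quality-checks workflow; if so, say that in the message and send it to stderr. For example, `@echo "check-licenses is not available locally; licence scanning runs in the quality-checks workflow" >&2` followed by `@exit 1`. Any other target or script that still depends on `check-licenses` will now fail, so it is worth searching the repository for callers outside this hunk.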
diff --git a/licenses/allowedMissingLicense.xml b/licenses/allowedMissingLicense.xml
deleted file mode 100644
index 568b7bf9..00000000
--- a/licenses/allowedMissingLicense.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
- jakarta-regexp
- jakarta-regexp
- 1.4
-
-
diff --git a/licenses/licenses.xml b/licenses/licenses.xml
deleted file mode 100644
index 5543bd3f..00000000
--- a/licenses/licenses.xml
+++ /dev/null
@@ -1,153 +0,0 @@
-
-
-
-
- The Apache Software License, Version 2.0
-
- The Apache Software License, Version 2.0
- Apache License, Version 2.0
- Apache Software License 2.0
- Apache License 2.0
-
-
- http://www.apache.org/licenses/LICENSE-2.0.txt
- https://www.apache.org/licenses/LICENSE-2.0
- https://www.apache.org/licenses/LICENSE-2.0.txt
- https://www.apache.org/licenses/LICENSE-2.0
-
-
-
- Eclipse Public License 1.0
-
- Eclipse Public License 1.0
- Eclipse Public License - v 1.0
- Eclipse Distribution License - v 1.0
-
-
- http://www.eclipse.org/legal/epl-v10.html
- http://www.eclipse.org/legal/epl-v10.html
- http://www.eclipse.org/org/documents/edl-v10.php
-
-
-
- Eclipse Public License v2.0
-
- Eclipse Public License v2.0
- EPL 2.0
- Eclipse Public License - v 2.0
-
-
- https://www.eclipse.org/legal/epl-v20.html
- http://www.eclipse.org/legal/epl-2.0
-
-
-
-
- The MIT License
-
- The MIT License
- MIT License
- MIT
-
-
- http://code.google.com/p/mockito/wiki/License
- http://www.opensource.org/licenses/mit-license
- https://opensource.org/licenses/MIT
-
-
-
- BSD
-
- BSD
-
-
- http://asm.objectweb.org/license.html
-
-
-
- BSD License 3
-
- BSD License 3
-
-
- http://opensource.org/licenses/BSD-3-Clause
-
-
-
- BSD-2-Clause
-
- BSD-2-Clause
-
-
- https://opensource.org/licenses/BSD-2-Clause
-
-
-
- LGPL 2.1
-
- LGPL 2.1
- GNU Lesser General Public License
- http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
-
-
- http://www.gnu.org/licenses/lgpl-2.1.html
-
-
-
- MPL 1.1
-
- MPL 1.1
-
-
- http://www.mozilla.org/MPL/MPL-1.1.html
-
-
-
- Mozilla Public License Version 2.0
-
- Mozilla Public License Version 2.0
-
-
- http://www.mozilla.org/MPL/2.0/
-
-
-
- Unicode/ICU License
-
- Unicode/ICU License
-
-
- https://raw.githubusercontent.com/unicode-org/icu/main/icu4c/LICENSE
-
-
-
- GPL2 w/ CPE
-
- GPL2 w/ CPE
-
-
- https://www.gnu.org/software/classpath/license.html
-
-
-
- Public Domain, per Creative Commons CC0
-
- Public Domain, per Creative Commons CC0
-
-
- http://creativecommons.org/publicdomain/zero/1.0
-
-
-
-
-
- GNU General Public License version 2
-
- GNU General Public License version 2
-
-
- https://opensource.org/licenses/gpl-2.0.php
-
-
-
-
diff --git a/poetry.lock b/poetry.lock
index 75ab49f9..14707652 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -471,24 +471,6 @@ files = [
{file = "nodeenv-1.10.0.tar.gz", hash = "sha256:996c191ad80897d076bdfba80a41994c2b47c68e224c542b48feba42ba00f8bb"},
]
-[[package]]
-name = "pip-licenses"
-version = "5.5.0"
-description = "Dump the software license list of Python packages installed with pip."
-optional = false
-python-versions = ">=3.9"
-groups = ["dev"]
-files = [
- {file = "pip_licenses-5.5.0-py3-none-any.whl", hash = "sha256:ae1869436d13ee487088d29e71fc5821950062ad25ec28b6a1a443e0add6d8e8"},
- {file = "pip_licenses-5.5.0.tar.gz", hash = "sha256:2473e7afd02a0c21460758f70fd2bb3b3c080c5150713dd33baa9493dc1563a5"},
-]
-
-[package.dependencies]
-prettytable = ">=3.12.0"
-
-[package.extras]
-dev = ["autopep8", "black", "docutils", "isort", "mypy", "pip-tools", "pypandoc", "pytest-cov", "pytest-pycodestyle", "pytest-runner", "tomli-w", "twine", "wheel"]
-
[[package]]
name = "platformdirs"
version = "4.5.1"
@@ -525,24 +507,6 @@ nodeenv = ">=0.11.1"
pyyaml = ">=5.1"
virtualenv = ">=20.10.0"
-[[package]]
-name = "prettytable"
-version = "3.17.0"
-description = "A simple Python library for easily displaying tabular data in a visually appealing ASCII table format"
-optional = false
-python-versions = ">=3.10"
-groups = ["dev"]
-files = [
- {file = "prettytable-3.17.0-py3-none-any.whl", hash = "sha256:aad69b294ddbe3e1f95ef8886a060ed1666a0b83018bbf56295f6f226c43d287"},
- {file = "prettytable-3.17.0.tar.gz", hash = "sha256:59f2590776527f3c9e8cf9fe7b66dd215837cca96a9c39567414cbc632e8ddb0"},
-]
-
-[package.dependencies]
-wcwidth = "*"
-
-[package.extras]
-tests = ["pytest", "pytest-cov", "pytest-lazy-fixtures"]
-
[[package]]
name = "pycodestyle"
version = "2.14.0"
@@ -1224,19 +1188,7 @@ platformdirs = ">=3.9.1,<5"
docs = ["furo (>=2023.7.26)", "proselint (>=0.13)", "sphinx (>=7.1.2,!=7.3)", "sphinx-argparse (>=0.4)", "sphinxcontrib-towncrier (>=0.2.1a0)", "towncrier (>=23.6)"]
test = ["covdefaults (>=2.3)", "coverage (>=7.2.7)", "coverage-enable-subprocess (>=1)", "flaky (>=3.7)", "packaging (>=23.1)", "pytest (>=7.4)", "pytest-env (>=0.8.2)", "pytest-freezer (>=0.4.8) ; platform_python_implementation == \"PyPy\" or platform_python_implementation == \"GraalVM\" or platform_python_implementation == \"CPython\" and sys_platform == \"win32\" and python_version >= \"3.13\"", "pytest-mock (>=3.11.1)", "pytest-randomly (>=3.12)", "pytest-timeout (>=2.1)", "setuptools (>=68)", "time-machine (>=2.10) ; platform_python_implementation == \"CPython\""]
-[[package]]
-name = "wcwidth"
-version = "0.2.14"
-description = "Measures the displayed width of unicode strings in a terminal"
-optional = false
-python-versions = ">=3.6"
-groups = ["dev"]
-files = [
- {file = "wcwidth-0.2.14-py2.py3-none-any.whl", hash = "sha256:a7bb560c8aee30f9957e5f9895805edd20602f2d7f720186dfd906e82b4982e1"},
- {file = "wcwidth-0.2.14.tar.gz", hash = "sha256:4d478375d31bc5395a3c55c40ccdf3354688364cd61c4f6adacaa9215d0b3605"},
-]
-
[metadata]
lock-version = "2.1"
python-versions = "^3.12"
-content-hash = "9e75e5c0607f1f8becb76767969171d1d0ff9ed8cb7baf9e6d9316a92f4f89b7"
+content-hash = "9f991d6b34ade62cc62e2103a80cfa28a801f80c6df1d5484c0820b909ec9cf7"
diff --git a/pom.xml b/pom.xml
index a5a6e8fe..f1069e30 100644
--- a/pom.xml
+++ b/pom.xml
@@ -175,27 +175,6 @@
-
- se.ayoy.maven-plugins
- ayoy-license-verifier-maven-plugin
- 1.2.0
-
-
- validate
-
- verify
-
-
-
-
- ${project.basedir}/licenses/licenses.xml
-
- ${project.basedir}/licenses/allowedMissingLicense.xml
- true
- true
- true
-
-
maven-dependency-plugin
3.9.0
diff --git a/pyproject.toml b/pyproject.toml
index dd33e1e1..fadff782 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -20,7 +20,6 @@ flake8 = "^7.3.0"
requests = "^2.32.5"
[tool.poetry.group.dev.dependencies]
-pip-licenses = "^5.0.0"
pre-commit = "^4.5.1"
cfn-lint = "^1.43.2"
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 00000000..2a1affb7
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1,2 @@
+license:
+ ignored: ["LGPL-2.1-only", "GPL-2.0-with-classpath-exception"]
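Review bot: The `license.ignored` list in the new `trivy.yaml` has no comment explaining why `LGPL-2.1-only` and `GPL-2.0-with-classpath-exception` are acceptable, and it applies to every package Trivy finds, not to a named dependency. The removed Maven configuration tied its one exception to a specific artifact (`jakarta-regexp` 1.4), so this is a broader waiver than before. A later dependency under either licence will therefore pass silently. Add a comment above `ignored:` naming the packages that currently need each entry and who approved it, for example `# LGPL-2.1-only: <package>; GPL-2.0-with-classpath-exception: <package>; approved in <ticket>`.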