From 1eb000a612c7a99a7844ff188df38afaad1aecb1 Mon Sep 17 00:00:00 2001
From: Biju Joseph <biju.joseph@semanticbits.com>
Date: Fri, 7 Mar 2025 13:48:34 -0600
Subject: [PATCH 1/5] Create .snyk policy file

Add a .snyk policy file to exclude some test phase dependencies.
---
 .snyk | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..d5467c559
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,5 @@
+ignore:
+  "com.github.spotbugs:spotbugs-maven-plugin":
+    - "*":
+        reason: "SpotBugs is a build-time plugin and does not impact runtime security."
+        expires: "2025-12-31"

From 3f2ffaecc9812dec0472ca406264a7f429a1cbd3 Mon Sep 17 00:00:00 2001
From: John Manack <john.manack@semanticbits.com>
Date: Mon, 11 Aug 2025 15:57:42 -0400
Subject: [PATCH 2/5] feat: QPPA-10640 improve maven binary download command
 with increased timeout limit and retry logic

---
 Dockerfile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index eb678d5eb..91acad689 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,11 @@ ARG SHA=706f01b20dec0305a822ab614d51f32b07ee11d0218175e55450242e49d2156386483b50
 ARG BASE_URL=https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/
 
 RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && for i in 1 2 3; do \
+      echo "Attempt $i to download Maven..." && \
+      curl -fsSL --connect-timeout 300 --max-time 600 -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz && break || \
+      (echo "Download failed, attempt $i of 3" && sleep 10); \
+     done \
   && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
   && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \
   && rm -f /tmp/apache-maven.tar.gz \

From 67d73a63cc8e6711b1bdae941d342b9eaa193898 Mon Sep 17 00:00:00 2001
From: John Manack <john.manack@semanticbits.com>
Date: Mon, 11 Aug 2025 16:18:45 -0400
Subject: [PATCH 3/5] chore: QPPA-10640 removes extra forward slash in BASE_URL
 variable

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 91acad689..53a4ba70b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ FROM eclipse-temurin:17 AS builder
 ARG MAVEN_VERSION=3.9.6
 ARG USER_HOME_DIR="/root"
 ARG SHA=706f01b20dec0305a822ab614d51f32b07ee11d0218175e55450242e49d2156386483b506b3a4e8a03ac8611bae96395fd5eec15f50d3013d5deed6d1ee18224
-ARG BASE_URL=https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/
+ARG BASE_URL=https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries
 
 RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
   && for i in 1 2 3; do \

From 06f469273b7fc253b8b1c1d3ee10fcf96e6dd543 Mon Sep 17 00:00:00 2001
From: John Manack <john.manack@semanticbits.com>
Date: Tue, 12 Aug 2025 11:32:13 -0400
Subject: [PATCH 4/5] chore: QPPA-10686 updates dependencies to clear snyk
 flags

---
 commons/src/main/resources/measures-data.json |  2 +-
 pom.xml                                       |  2 +-
 rest-api/pom.xml                              | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/commons/src/main/resources/measures-data.json b/commons/src/main/resources/measures-data.json
index 156bd7e37..a8a8062ee 100644
--- a/commons/src/main/resources/measures-data.json
+++ b/commons/src/main/resources/measures-data.json
@@ -18257,7 +18257,7 @@
     "measureType": "process",
     "isHighPriority": true,
     "primarySteward": "AAOS Orthopaedic Quality Resource Center",
-    "isInverse": true,
+    "isInverse": false,
     "isRiskAdjusted": false,
     "isIcdImpacted": false,
     "icdImpacted": [],
diff --git a/pom.xml b/pom.xml
index 36e5acfad..1df6dab9c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -501,7 +501,7 @@
 			<dependency>
 				<groupId>net.logstash.logback</groupId>
 				<artifactId>logstash-logback-encoder</artifactId>
-				<version>6.4</version>
+				<version>8.1</version>
 			</dependency>
 
 			<dependency>
diff --git a/rest-api/pom.xml b/rest-api/pom.xml
index 534f4b59e..2d4ce5e75 100644
--- a/rest-api/pom.xml
+++ b/rest-api/pom.xml
@@ -30,7 +30,7 @@
 			<plugin>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
-				<version>3.4.7</version>
+				<version>3.4.8</version>
 				<executions>
 					<execution>
 						<goals>
@@ -63,7 +63,7 @@
 				<!-- Import dependency management from Spring Boot -->
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-dependencies</artifactId>
-				<version>3.4.7</version>
+				<version>3.4.8</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
@@ -127,12 +127,12 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
-			<version>3.4.7</version>
+			<version>3.4.8</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-			<version>3.4.7</version>
+			<version>3.4.8</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
@@ -317,7 +317,7 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
-			<version>3.4.7</version>
+			<version>3.4.8</version>
 			<scope>test</scope>
 			<exclusions>
 				<exclusion>

From 2aaba5f6b2ef10091f807288ca5a268bd39c5a03 Mon Sep 17 00:00:00 2001
From: John Manack <john.manack@semanticbits.com>
Date: Wed, 13 Aug 2025 13:47:00 -0400
Subject: [PATCH 5/5] chore: QPPA-10689 updates pom files for new version

---
 acceptance-tests/pom.xml      | 2 +-
 commandline/pom.xml           | 2 +-
 commons/pom.xml               | 2 +-
 converter/pom.xml             | 4 ++--
 generate-race-cpcplus/pom.xml | 2 +-
 generate/pom.xml              | 2 +-
 pom.xml                       | 2 +-
 qrda3-update-measures/pom.xml | 2 +-
 rest-api/pom.xml              | 2 +-
 test-commons/pom.xml          | 2 +-
 test-coverage/pom.xml         | 2 +-
 11 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/acceptance-tests/pom.xml b/acceptance-tests/pom.xml
index 040b732e7..dcab2762f 100644
--- a/acceptance-tests/pom.xml
+++ b/acceptance-tests/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
 	<artifactId>acceptance-tests</artifactId>
 	<groupId>gov.cms.qpp.conversion</groupId>
-	<version>2025.07.31.01-RELEASE</version>
+	<version>2025.08.13.01-RELEASE</version>
 	<name>conversion-tests</name>
 	<packaging>jar</packaging>
 	<properties>
diff --git a/commandline/pom.xml b/commandline/pom.xml
index 15223bd1e..6ea60f8db 100644
--- a/commandline/pom.xml
+++ b/commandline/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>gov.cms.qpp.conversion</groupId>
 		<artifactId>qpp-conversion-tool-parent</artifactId>
-		<version>2025.07.31.01-RELEASE</version>
+		<version>2025.08.13.01-RELEASE</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/commons/pom.xml b/commons/pom.xml
index fd511e2bc..b356eb476 100644
--- a/commons/pom.xml
+++ b/commons/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>gov.cms.qpp.conversion</groupId>
 		<artifactId>qpp-conversion-tool-parent</artifactId>
-		<version>2025.07.31.01-RELEASE</version>
+		<version>2025.08.13.01-RELEASE</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/converter/pom.xml b/converter/pom.xml
index f07e6d615..5458fd6f3 100644
--- a/converter/pom.xml
+++ b/converter/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>gov.cms.qpp.conversion</groupId>
 		<artifactId>qpp-conversion-tool-parent</artifactId>
-		<version>2025.07.31.01-RELEASE</version>
+		<version>2025.08.13.01-RELEASE</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
@@ -170,7 +170,7 @@
 		<dependency>
 			<groupId>gov.cms.qpp.conversion</groupId>
 			<artifactId>commons</artifactId>
-			<version>2025.07.31.01-RELEASE</version>
+			<version>2025.08.13.01-RELEASE</version>
 			<scope>compile</scope>
 		</dependency>
 
diff --git a/generate-race-cpcplus/pom.xml b/generate-race-cpcplus/pom.xml
index db3824319..8597c56ba 100644
--- a/generate-race-cpcplus/pom.xml
+++ b/generate-race-cpcplus/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<artifactId>qpp-conversion-tool-parent</artifactId>
 		<groupId>gov.cms.qpp.conversion</groupId>
-		<version>2025.07.31.01-RELEASE</version>
+		<version>2025.08.13.01-RELEASE</version>
 		<relativePath>../</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/generate/pom.xml b/generate/pom.xml
index 8adae6155..2ac6c44dc 100644
--- a/generate/pom.xml
+++ b/generate/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>qpp-conversion-tool-parent</artifactId>
         <groupId>gov.cms.qpp.conversion</groupId>
-        <version>2025.07.31.01-RELEASE</version>
+        <version>2025.08.13.01-RELEASE</version>
 		<relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/pom.xml b/pom.xml
index 1df6dab9c..535ce9588 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 	<groupId>gov.cms.qpp.conversion</groupId>
 	<artifactId>qpp-conversion-tool-parent</artifactId>
 	<packaging>pom</packaging>
-	<version>2025.07.31.01-RELEASE</version>
+	<version>2025.08.13.01-RELEASE</version>
 	<name>QPP Conversion Tool</name>
 
 	<properties>
diff --git a/qrda3-update-measures/pom.xml b/qrda3-update-measures/pom.xml
index 4edbfd33a..b340177b9 100644
--- a/qrda3-update-measures/pom.xml
+++ b/qrda3-update-measures/pom.xml
@@ -3,7 +3,7 @@
 	<parent>
 		<artifactId>qpp-conversion-tool-parent</artifactId>
 		<groupId>gov.cms.qpp.conversion</groupId>
-		<version>2025.07.31.01-RELEASE</version>
+		<version>2025.08.13.01-RELEASE</version>
 		<relativePath>../</relativePath>
 	</parent>
 
diff --git a/rest-api/pom.xml b/rest-api/pom.xml
index 2d4ce5e75..8a14ca732 100644
--- a/rest-api/pom.xml
+++ b/rest-api/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>gov.cms.qpp.conversion</groupId>
 		<artifactId>qpp-conversion-tool-parent</artifactId>
-		<version>2025.07.31.01-RELEASE</version>
+		<version>2025.08.13.01-RELEASE</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/test-commons/pom.xml b/test-commons/pom.xml
index 511087c14..a385950df 100644
--- a/test-commons/pom.xml
+++ b/test-commons/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>gov.cms.qpp.conversion</groupId>
 		<artifactId>qpp-conversion-tool-parent</artifactId>
-		<version>2025.07.31.01-RELEASE</version>
+		<version>2025.08.13.01-RELEASE</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/test-coverage/pom.xml b/test-coverage/pom.xml
index d74150f83..d2ed13f95 100644
--- a/test-coverage/pom.xml
+++ b/test-coverage/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>gov.cms.qpp.conversion</groupId>
 		<artifactId>qpp-conversion-tool-parent</artifactId>
-		<version>2025.07.31.01-RELEASE</version>
+		<version>2025.08.13.01-RELEASE</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>