[fix][*][*]: update deps versions to avoid the vulnerabilities

zouxyan · zouxyan · commit a34cc2beb086 · 2024-03-13T10:57:38.000+08:00
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.7.16</version>
+        <version>2.7.18</version>
         <relativePath/>
     </parent>
     <packaging>pom</packaging>
@@ -20,22 +20,24 @@
     <properties>
         <java.version>8</java.version>
         <pluginserver.version>0.2.2</pluginserver.version>
-        <grpc-starter.version>2.13.1.RELEASE</grpc-starter.version>
+        <grpc-starter.version>2.15.0.RELEASE</grpc-starter.version>
         <netty-tcnative-boringssl-static.version>2.0.59.Final</netty-tcnative-boringssl-static.version>
         <protobuf.version>3.19.1</protobuf.version>
         <protobuf-plugin.version>0.6.1</protobuf-plugin.version>
-        <grpc.version>1.42.2</grpc.version>
+        <grpc.version>1.62.2</grpc.version>
         <jakarta.annotation-api.version>1.3.5</jakarta.annotation-api.version>
         <junit.version>4.13.2</junit.version>
         <antchain-bridge.sdk.version>0.2.1</antchain-bridge.sdk.version>
         <jline.version>3.3.0</jline.version>
         <groovy.version>3.0.17</groovy.version>
         <commons-cli.version>1.5.0</commons-cli.version>
-        <hutool.version>5.8.10</hutool.version>
+        <hutool.version>5.8.26</hutool.version>
         <fastjson.version>1.2.83_noneautotype</fastjson.version>
-        <pf4j.version>3.8.0</pf4j.version>
+        <pf4j.version>3.10.0</pf4j.version>
         <slf4j.version>1.7.28</slf4j.version>
         <jetty.alpnAgent.version>2.0.0</jetty.alpnAgent.version>
+        <snake.yaml.version>2.2</snake.yaml.version>
+        <logback.classic.version>1.2.13</logback.classic.version>
         <jetty.alpnAgent.path>${settings.localRepository}/org/mortbay/jetty/alpn/jetty-alpn-agent/${jetty.alpnAgent.version}/jetty-alpn-agent-${jetty.alpnAgent.version}.jar</jetty.alpnAgent.path>
     </properties>
 
@@ -68,6 +70,26 @@
                 <artifactId>netty-tcnative-boringssl-static</artifactId>
                 <version>${netty-tcnative-boringssl-static.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.grpc</groupId>
+                <artifactId>grpc-core</artifactId>
+                <version>${grpc.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.grpc</groupId>
+                <artifactId>grpc-inprocess</artifactId>
+                <version>${grpc.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.grpc</groupId>
+                <artifactId>grpc-services</artifactId>
+                <version>${grpc.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.grpc</groupId>
+                <artifactId>grpc-api</artifactId>
+                <version>${grpc.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.grpc</groupId>
                 <artifactId>grpc-netty-shaded</artifactId>
@@ -170,9 +192,41 @@
     </dependencyManagement>
 
     <dependencies>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>${snake.yaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
+            <version>${logback.classic.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>${logback.classic.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-core</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
