fix: [DevOps] Upgrading spring springframework and spring boot versions to remove vulnerabilities (#467)

* Upgrading spring springframework version to one without vulnerability

* Upgrading spring boot

* declare tomcat version

* Update sample-code/spring-app/pom.xml

---------

Co-authored-by: Roshin Rajan Panackal <[email protected]>
Co-authored-by: Alexander Dümont <[email protected]>

Author: rpanackal

pom.xml

@@ -66,7 +66,7 @@
     <checkstyle.version>10.25.0</checkstyle.version>
     <system-stubs.version>2.1.3</system-stubs.version>
     <surefire.version>3.5.3</surefire.version>
-    <springframework.version>6.2.1</springframework.version>
+    <springframework.version>6.2.8</springframework.version>
     <spring-ai.version>1.0.0-M6</spring-ai.version>
     <reactor-core.version>3.6.12</reactor-core.version>
     <dotenv-java.version>3.2.0</dotenv-java.version>

sample-code/spring-app/pom.xml

@@ -33,7 +33,7 @@
   </developers>
   <properties>
     <project.rootdir>${project.basedir}/../../</project.rootdir>
-    <spring-boot.version>3.4.5</spring-boot.version>
+    <spring-boot.version>3.5.0</spring-boot.version>
     <logback.version>1.5.18</logback.version>
     <cf-logging.version>3.8.5</cf-logging.version>
     <!-- Skip end-to-end tests by default, can be overridden with -DskipTests=false -->
@@ -44,6 +44,17 @@
     <enforcer.skipEnforceSpringAIOptional>true</enforcer.skipEnforceSpringAIOptional>
   </properties>
 
+  <dependencyManagement>
+    <!-- Temporary fix for CVE-2025-48988 -->
+    <dependencies>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-core</artifactId>
+        <version>10.1.42</version>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+
   <dependencies>
     <!-- scope "compile" -->
     <dependency>