Skip to content

Commit 4838843

Browse files
adamsaghyadamsaghy
committed
FINERACT-2326: Upgrade dependencies
1 parent 3a59a72 commit 4838843

File tree

1 file changed

+6
-8
lines changed

1 file changed

+6
-8
lines changed

buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ dependencyManagement {
6363
exclude 'com.sun.mail:javax.mail'
6464
exclude 'javax.activation:activation'
6565
}
66-
dependency 'commons-io:commons-io:2.17.0'
66+
dependency 'commons-io:commons-io:2.18.0'
6767
dependency 'com.github.librepdf:openpdf:2.0.3'
6868
dependency ('org.mnode.ical4j:ical4j:3.2.19') {
6969
exclude 'com.sun.mail:javax.mail'
@@ -125,7 +125,6 @@ dependencyManagement {
125125

126126
dependency 'io.github.classgraph:classgraph:4.8.179'
127127
dependency 'org.awaitility:awaitility:4.2.2'
128-
// TODO: upgrade to 4.8.3
129128
dependency 'com.github.spotbugs:spotbugs-annotations:4.8.6'
130129
dependency 'javax.cache:cache-api:1.1.1'
131130
dependency 'org.mock-server:mockserver-junit-jupiter:5.15.0'
@@ -234,9 +233,6 @@ dependencyManagement {
234233
exclude 'org.slf4j:jcl-over-slf4j'
235234
exclude 'org.slf4j:slf4j-api'
236235
}
237-
238-
//v42.7.5: performance issue: https://github.com/pgjdbc/pgjdbc/issues/3511#issuecomment-2637277977
239-
//v42.7.4: CVE-2025-49146: https://nvd.nist.gov/vuln/detail/CVE-2025-49146
240236
dependency 'org.postgresql:postgresql:42.7.8'
241237

242238
dependency 'com.mysql:mysql-connector-j:9.2.0'
@@ -273,11 +269,13 @@ dependencyManagement {
273269
dependency 'org.yakworks:spring-icu4j:0.4.2'
274270
dependency 'org.apache.commons:commons-lang3:3.18.0'
275271
dependency 'com.nimbusds:nimbus-jose-jwt:10.0.2'
276-
// Force Spring Framework version: https://spring.io/security/cve-2025-41249
272+
// Force Spring Framework version: CVE-2025-41249
277273
dependency 'org.springframework:spring-core:6.2.11'
278-
// Force Spring Framework version: https://spring.io/security/cve-2025-41248
274+
// Force Spring Framework version: CVE-2025-41248
279275
dependency 'org.springframework.security:spring-security-core:6.5.4'
280-
// Force netty-codec version: https://scout.docker.com/vulnerabilities/id/CVE-2025-58057
276+
// Force netty-codec version: CVE-2025-58057
281277
dependency 'io.netty:netty-codec:4.1.125.Final'
278+
// Force netty-codec version: CVE-2025-58056
279+
dependency 'io.netty:netty-codec-http:4.1.125.Final'
282280
}
283281
}

0 commit comments

Comments
 (0)