
Commit 7dee272

Upgrade dependencies and add dependency management for transitive vulnerable dependencies
1 parent cc09db5 commit 7dee272


9 files changed

+477
-36
lines changed


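--- a/spring-boot-with-admin/admin/pom.xml
+++ b/spring-boot-with-admin/admin/pom.xml
@@ -35,19 +35,180 @@
 <maven.compiler.source>11</maven.compiler.source>
 <maven.compiler.target>11</maven.compiler.target>
 
-<spring-boot-admin.version>2.6.7</spring-boot-admin.version>
-<spring-cloud.version>3.1.2</spring-cloud.version>
+<spring-boot-admin.version>3.4.5</spring-boot-admin.version>
+<spring-cloud.version>4.2.1</spring-cloud.version>
 </properties>
 
 <dependencyManagement>
 <dependencies>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-parent</artifactId>
-<version>2.6.7</version>
+<version>3.4.4</version>
 <type>pom</type>
 <scope>import</scope>
 </dependency>
+<!-- Vulnerabilities from spring-admin-starter-server -->
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-web</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>io.netty</groupId>
+<artifactId>netty-common</artifactId>
+<version>5.0.0.Alpha2</version>
+</dependency>
+<dependency>
+<groupId>io.netty</groupId>
+<artifactId>netty-handler</artifactId>
+<version>5.0.0.Alpha2</version>
+</dependency>
+<dependency>
+<groupId>io.netty</groupId>
+<artifactId>netty-codec-http</artifactId>
+<version>5.0.0.Alpha2</version>
+</dependency>
+<dependency>
+<groupId>io.netty</groupId>
+<artifactId>netty-codec-http2</artifactId>
+<version>5.0.0.Alpha2</version>
+</dependency>
+<dependency>
+<groupId>io.projectreactor.netty</groupId>
+<artifactId>reactor-netty-core</artifactId>
+<version>1.3.0-M2</version>
+</dependency>
+<dependency>
+<groupId>io.projectreactor.netty</groupId>
+<artifactId>reactor-netty-http</artifactId>
+<version>1.3.0-M2</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-beans</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-autoconfigure</artifactId>
+<version>3.4.4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-webflux</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-actuator</artifactId>
+<version>3.4.4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-actuator-autoconfigure</artifactId>
+<version>3.4.4</version>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-databind</artifactId>
+<version>2.19.0-rc2</version>
+</dependency>
+<!-- Vulnerabilities from spring-boot-starter-security -->
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-context</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>ch.qos.logback</groupId>
+<artifactId>logback-core</artifactId>
+<version>1.5.18</version>
+</dependency>
+<dependency>
+<groupId>ch.qos.logback</groupId>
+<artifactId>logback-classic</artifactId>
+<version>1.5.18</version>
+</dependency>
+<dependency>
+<groupId>org.yaml</groupId>
+<artifactId>snakeyaml</artifactId>
+<version>2.4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.security</groupId>
+<artifactId>spring-security-crypto</artifactId>
+<version>6.4.5</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-expression</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.security</groupId>
+<artifactId>spring-security-core</artifactId>
+<version>6.4.5</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.security</groupId>
+<artifactId>spring-security-config</artifactId>
+<version>6.4.5</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.security</groupId>
+<artifactId>spring-security-web</artifactId>
+<version>6.4.5</version>
+</dependency>
+<!-- Vulnerabilities from spring-boot-starter-web -->
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-core</artifactId>
+<version>11.0.6</version>
+</dependency>
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-websocket</artifactId>
+<version>11.0.6</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-webmvc</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<!-- Vulnerabilities from spring-cloud-starter-netflix-eureka-client -->
+<dependency>
+<groupId>com.thoughtworks.xstream</groupId>
+<artifactId>xstream</artifactId>
+<version>1.4.21</version>
+</dependency>
+<dependency>
+<groupId>com.google.guava</groupId>
+<artifactId>guava</artifactId>
+<version>33.4.8-jre</version>
+</dependency>
+<dependency>
+<groupId>org.apache.httpcomponents</groupId>
+<artifactId>httpclient</artifactId>
+<version>4.5.14</version>
+</dependency>
+<!-- Vulnerabilities from spring-boot-starter-test -->
+<dependency>
+<groupId>com.jayway.jsonpath</groupId>
+<artifactId>json-path</artifactId>
+<version>2.9.0</version>
+</dependency>
+<dependency>
+<groupId>net.minidev</groupId>
+<artifactId>json-smart</artifactId>
+<version>2.5.2</version>
+</dependency>
+<dependency>
+<groupId>org.xmlunit</groupId>
+<artifactId>xmlunit-core</artifactId>
+<version>2.10.0</version>
+<scope>test</scope>
+</dependency>
 </dependencies>
 </dependencyManagement>
 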
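Review bot: Several of the new pins select pre-release artifacts instead of patched GA releases: `<version>7.0.0-M4</version>` on the spring-* modules, `<version>5.0.0.Alpha2</version>` on the four io.netty artifacts, `<version>1.3.0-M2</version>` on reactor-netty and `<version>2.19.0-rc2</version>` on jackson-databind. Entries declared directly in `dependencyManagement` take precedence over the imported Spring Boot 3.4.4 BOM, so these replace the versions Boot was tested with by a different major line, and milestone or alpha builds normally receive no security backports. The Netty 5.0.0.Alpha2 coordinates look like an old pre-release from an abandoned branch rather than a newer build, which would make the "fix" a downgrade in practice; this should be confirmed against the release dates before merging. Only jackson-databind is overridden while jackson-core and jackson-annotations are left to the BOM, which risks a version skew at runtime. I would drop these overrides and let the BOM manage them, or pin the nearest fixed GA patch in the same major line; the same pins recur in notification/pom.xml.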

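--- a/spring-boot-with-admin/notification/pom.xml
+++ b/spring-boot-with-admin/notification/pom.xml
@@ -35,9 +35,9 @@
 <maven.compiler.source>11</maven.compiler.source>
 <maven.compiler.target>11</maven.compiler.target>
 
-<log4j2.version>2.17.1</log4j2.version>
-<spring-cloud.version>2021.0.0</spring-cloud.version>
-<swagger2.version>2.6.0</swagger2.version>
+<log4j2.version>3.0.0-beta3</log4j2.version>
+<spring-cloud.version>2024.0.1</spring-cloud.version>
+<swagger2.version>3.0.0</swagger2.version>
 </properties>
 
 <dependencyManagement>
@@ -52,7 +52,7 @@
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-parent</artifactId>
-<version>2.6.3</version>
+<version>3.4.4</version>
 <type>pom</type>
 <scope>import</scope>
 </dependency>
@@ -63,6 +63,152 @@
 <type>pom</type>
 <scope>import</scope>
 </dependency>
+<!-- Vulnerabilities from spring-cloud-starter-netflix-eureka-client -->
+<dependency>
+<groupId>com.thoughtworks.xstream</groupId>
+<artifactId>xstream</artifactId>
+<version>1.4.21</version>
+</dependency>
+<dependency>
+<groupId>com.google.guava</groupId>
+<artifactId>guava</artifactId>
+<version>33.4.8-jre</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.security</groupId>
+<artifactId>spring-security-crypto</artifactId>
+<version>6.4.5</version>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-databind</artifactId>
+<version>2.19.0-rc2</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-beans</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-context</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>org.apache.httpcomponents</groupId>
+<artifactId>httpclient</artifactId>
+<version>4.5.14</version>
+</dependency>
+<!-- Vulnerabilities from spring-boot-starter-web -->
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-web</artifactId>
+<version>3.4.4</version>
+</dependency>
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-core</artifactId>
+<version>11.0.6</version>
+</dependency>
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-websocket</artifactId>
+<version>11.0.6</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-webmvc</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>org.yaml</groupId>
+<artifactId>snakeyaml</artifactId>
+<version>2.4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-autoconfigure</artifactId>
+<version>3.4.4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-web</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-expression</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<!-- Vulnerabilities from spring-boot-starter-actuator -->
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-actuator</artifactId>
+<version>3.4.4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-actuator-autoconfigure</artifactId>
+<version>3.4.4</version>
+</dependency>
+<!-- Vulnerabilities from spring-boot-starter-webflux -->
+<dependency>
+<groupId>io.netty</groupId>
+<artifactId>netty-common</artifactId>
+<version>5.0.0.Alpha2</version>
+</dependency>
+<dependency>
+<groupId>io.netty</groupId>
+<artifactId>netty-handler</artifactId>
+<version>5.0.0.Alpha2</version>
+</dependency>
+<dependency>
+<groupId>io.netty</groupId>
+<artifactId>netty-codec-http</artifactId>
+<version>5.0.0.Alpha2</version>
+</dependency>
+<dependency>
+<groupId>io.netty</groupId>
+<artifactId>netty-codec-http2</artifactId>
+<version>5.0.0.Alpha2</version>
+</dependency>
+<dependency>
+<groupId>io.projectreactor.netty</groupId>
+<artifactId>reactor-netty-core</artifactId>
+<version>1.3.0-M2</version>
+</dependency>
+<dependency>
+<groupId>io.projectreactor.netty</groupId>
+<artifactId>reactor-netty-http</artifactId>
+<version>1.3.0-M2</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-webflux</artifactId>
+<version>7.0.0-M4</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-webflux</artifactId>
+<version>3.4.4</version>
+</dependency>
+<!-- Vulnerabilities from spring-boot-starter-test -->
+<dependency>
+<groupId>com.jayway.jsonpath</groupId>
+<artifactId>json-path</artifactId>
+<version>2.9.0</version>
+</dependency>
+<dependency>
+<groupId>net.minidev</groupId>
+<artifactId>json-smart</artifactId>
+<version>2.5.2</version>
+</dependency>
+<dependency>
+<groupId>org.xmlunit</groupId>
+<artifactId>xmlunit-core</artifactId>
+<version>2.10.0</version>
+<scope>test</scope>
+</dependency>
 </dependencies>
 </dependencyManagement>
 <dependencies>
@@ -107,7 +253,7 @@
 <groupId>io.projectreactor</groupId>
 <artifactId>reactor-test</artifactId>
 <scope>test</scope>
-<version>3.4.18</version>
+<version>3.8.0-M2</version>
 </dependency>
 
 </dependencies>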
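Review bot: `maven.compiler.source` and `maven.compiler.target` stay at 11 in the first hunk's context lines while the imported BOM moves to Spring Boot 3.4.4, which requires Java 17 and the jakarta.* APIs, so the module will likely not build as committed; admin/pom.xml shows the same pair. I would raise them in the same commit to `<maven.compiler.source>17</maven.compiler.source>` and `<maven.compiler.target>17</maven.compiler.target>`, and check the sources for javax.* imports. `log4j2.version` also moves to `3.0.0-beta3`, a beta of a new major line; where the property is consumed is not visible in these hunks, but a patched 2.x GA release would be the safer target for a logging library. If `swagger2.version` feeds springfox, 3.0.0 should be verified against Boot 3 before relying on it.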

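--- a/spring-boot-with-admin/pom.xml
+++ b/spring-boot-with-admin/pom.xml
@@ -49,4 +49,24 @@
 <module>notification</module>
 </modules>
 
+<dependencyManagement>
+<dependencies>
+<dependency>
+<groupId>com.thoughtworks.xstream</groupId>
+<artifactId>xstream</artifactId>
+<version>1.4.21</version>
+</dependency>
+<dependency>
+<groupId>org.apache.httpcomponents</groupId>
+<artifactId>httpclient</artifactId>
+<version>4.5.14</version>
+</dependency>
+<dependency>
+<groupId>com.google.guava</groupId>
+<artifactId>guava</artifactId>
+<version>33.4.8-jre</version>
+</dependency>
+</dependencies>
+</dependencyManagement>
+
 </project>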
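Review bot: The new `dependencyManagement` block carries no comment saying why these three versions are pinned, so nobody will know when the override can be removed. Add something like `<!-- Override vulnerable transitive versions pulled in by spring-cloud-starter-netflix-eureka-client; remove once the starter manages fixed versions -->` above the first entry, ideally naming the advisory each pin addresses. The same three pins are repeated in admin/pom.xml and notification/pom.xml; whether those modules inherit from this POM is not visible in the hunk, but if they do the module-level copies are redundant and can drift apart.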
