Merge branch 'main' into dependabot/gradle/org.junit.platform-junit-platform-launcher-1.13.4

pboos · web-flow · commit ebdf9941f70e · 2025-08-22T09:55:20.000+02:00
diff --git a/build.gradle b/build.gradle
@@ -69,7 +69,7 @@ subprojects {
 
         // Security constraints
         constraints {
-            implementation("org.springframework:spring-web:6.2.8") {
+            implementation("org.springframework:spring-web:6.2.10") {
                 because("versions below 6.2.8 have security vulnerabilities including CVE-2024-38820 - see dependabot #12")
             }
             implementation("org.apache.tomcat.embed:tomcat-embed-core:10.1.42") {
@@ -78,6 +78,12 @@ subprojects {
             implementation("org.apache.commons:commons-lang3:3.18.0") {
                 because("versions below 3.18.0 have security vulnerabilities including CVE-2025-48924 - see dependabot #15")
             }
+            implementation("io.projectreactor.netty:reactor-netty-http:1.2.9") {
+                because("versions below 1.2.8 have security vulnerabilities including CVE-2025-22227 - see dependabot #16")
+            }
+            implementation("io.netty:netty-codec-http2:4.1.124.Final") {
+                because("versions below 4.1.124.Final have security vulnerabilities including CVE-2025-55163 - see dependabot #17")
+            }
         }
     }
 
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -1,11 +1,11 @@
 [versions]
 java = "21"
-spring-boot = "3.5.3"
+spring-boot = "3.5.4"
 spring-dependency-management = "1.1.7"
-openapi-generator = "7.13.0"
+openapi-generator = "7.14.0"
 openapi-tools = "0.2.6"
-swagger = "2.2.34"
-swagger-request-validator = "2.44.9"
+swagger = "2.2.36"
+swagger-request-validator = "2.45.1"
 jakarta-validation = "3.1.1"
 lombok = "1.18.38"
 commons-codec = "1.18.0"
@@ -17,8 +17,8 @@ checkstyle = "8.44"
 pmd = "7.14.0"
 jacoco = "0.8.13"
 # Testing
-mockito = "5.18.0"
-junit-jupiter = "5.13.1"
+mockito = "5.19.0"
+junit-jupiter = "5.13.4"
 junit-platform = "1.13.4"
 
 [libraries]
diff --git a/service-provisioning.yml b/service-provisioning.yml
@@ -1,7 +1,6 @@
-version: '1'
 service:
   name: openapi-validation-java
-  type: Library
-  main_language: Java
   owner: chk
+  type: Library
   level: best effort
+  main_language: Java

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ subprojects {`
`69`	`69`
`70`	`70`	`// Security constraints`
`71`	`71`	`constraints {`
`72`		`- implementation("org.springframework:spring-web:6.2.8") {`
	`72`	`+ implementation("org.springframework:spring-web:6.2.10") {`
`73`	`73`	`because("versions below 6.2.8 have security vulnerabilities including CVE-2024-38820 - see dependabot #12")`
`74`	`74`	`}`
`75`	`75`	`implementation("org.apache.tomcat.embed:tomcat-embed-core:10.1.42") {`
`@@ -78,6 +78,12 @@ subprojects {`
`78`	`78`	`implementation("org.apache.commons:commons-lang3:3.18.0") {`
`79`	`79`	`because("versions below 3.18.0 have security vulnerabilities including CVE-2025-48924 - see dependabot #15")`
`80`	`80`	`}`
	`81`	`+ implementation("io.projectreactor.netty:reactor-netty-http:1.2.9") {`
	`82`	`+ because("versions below 1.2.8 have security vulnerabilities including CVE-2025-22227 - see dependabot #16")`
	`83`	`+ }`
	`84`	`+ implementation("io.netty:netty-codec-http2:4.1.124.Final") {`
	`85`	`+ because("versions below 4.1.124.Final have security vulnerabilities including CVE-2025-55163 - see dependabot #17")`
	`86`	`+ }`
`81`	`87`	`}`
`82`	`88`	`}`
`83`	`89`