From fd112727637454135c8ec80a8455ed0b6db3e948 Mon Sep 17 00:00:00 2001
From: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Date: Fri, 8 Nov 2024 14:23:49 +0100
Subject: Upgrade spring boot to 2.6

- upgrade spring-boot (2.5.15 -> 2.6.15)
- upgrade vulnerable guava (25 -> 33.3.1), janino (3.1.9 -> 3.1.12) and commons-configuration2 (2.0 -> 2.11.0) dependencies

Issue-ID: AAI-4048
Change-Id: I88fb4b9752bc05bdada5a8e4944b6cd0489383ce
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
---
 aai-resources/pom.xml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'aai-resources/pom.xml')

diff --git a/aai-resources/pom.xml b/aai-resources/pom.xml
index 677f8a7..ddfc848 100644
--- a/aai-resources/pom.xml
+++ b/aai-resources/pom.xml
@@ -93,7 +93,7 @@
         <skipITs>true</skipITs>
 
         <swagger.version>1.6.8</swagger.version>
-        <spring-cloud.version>2020.0.6</spring-cloud.version>
+        <spring-cloud.version>2021.0.9</spring-cloud.version>
         <!-- fix the driver version to match the one defined in janusgraph-cql
             spring-boot (2.4) is otherwise downgrading it to 4.9.0 -->
         <!-- see https://github.com/spring-projects/spring-boot/blob/d336a96b7f204a398b8237560c5dfa7095c53460/spring-boot-project/spring-boot-dependencies/build.gradle#L163 -->
@@ -359,11 +359,6 @@
             <artifactId>swagger-annotations</artifactId>
             <version>${swagger.version}</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-configuration2</artifactId>
-            <version>2.0</version>
-        </dependency>
         <dependency>
             <groupId>io.swagger</groupId>
             <artifactId>swagger-jersey2-jaxrs</artifactId>
@@ -423,6 +418,7 @@
         <dependency>
             <groupId>org.codehaus.janino</groupId>
             <artifactId>janino</artifactId>
+            <version>3.1.12</version>
         </dependency>
         <dependency>
             <groupId>net.logstash.logback</groupId>
@@ -500,7 +496,6 @@
         <dependency>
             <groupId>org.springframework.kafka</groupId>
             <artifactId>spring-kafka</artifactId>
-            <version>2.7.14</version>
         </dependency>
         <dependency>
             <groupId>com.jayway.jsonpath</groupId>
@@ -708,7 +703,7 @@
             <dependency>
                 <groupId>com.google.guava</groupId>
                 <artifactId>guava</artifactId>
-                <version>25.0-jre</version>
+                <version>33.3.1-jre</version>
             </dependency>
             <!-- cassandra driver -->
             <dependency>
@@ -727,6 +722,11 @@
                 <version>${datastax.native-protocol.version}</version>
             </dependency>
             <!-- /cassandra driver -->
+            <dependency>
+                <groupId>org.apache.commons</groupId>
+                <artifactId>commons-configuration2</artifactId>
+                <version>2.11.0</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
     <build>
-- 
cgit 1.2.3-korg