upgrade spring libraries

2548536a · Joze RIHTARSIC · 7b1a744d · 2548536a · 2548536a
Commit 2548536a authored 1 year ago by Joze RIHTARSIC
--- a/owasp-false-positive-warnings.xml
+++ b/owasp-false-positive-warnings.xml
@@ -2,7 +2,7 @@
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
-   file name: spring-security-crypto-5.8.2.jar
+   file name: spring-security-crypto-5.8.*.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
        <vulnerabilityName>CVE-2020-5408</vulnerabilityName>
@@ -10,7 +10,7 @@
    </suppress>
    <suppress>
        <notes><![CDATA[
-   file name: spring-web-5.3.26.jar
+   file name: spring-web-5.3.*.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-(web|core)@.*$</packageUrl>
        <cve>CVE-2016-1000027</cve>
@@ -18,9 +18,8 @@
    </suppress>
    <suppress>
        <notes><![CDATA[
-   file name: smp.war: spring-core-5.3.26.jar
+   file name: smp.war: spring-core-5.3.*.jar
   ]]></notes>
-        <sha1>81f0f0bbba14ca6e17d52f0b1c7d52da8c4da098</sha1>
        <cve>CVE-2016-1000027</cve>
    </suppress>
    <suppress>

--- a/pom.xml
+++ b/pom.xml
@@ -86,10 +86,10 @@
        <servlet-api.version>3.0.1</servlet-api.version>
        <slf4j.version>1.7.36</slf4j.version>
        <spring-modules-jakarta-commons.version>0.8</spring-modules-jakarta-commons.version>
-        <spring-boot.version>2.7.10</spring-boot.version>
-        <spring-boot.tomcat.version>9.0.73</spring-boot.tomcat.version>
-        <spring.security.version>5.8.2</spring.security.version>
-        <spring.version>5.3.26</spring.version>
+        <spring-boot.version>2.7.11</spring-boot.version>
+        <spring-boot.tomcat.version>9.0.74</spring-boot.tomcat.version>
+        <spring.security.version>5.8.3</spring.security.version>
+        <spring.version>5.3.27</spring.version>
        <xmlunit.version>2.9.0</xmlunit.version>

        <!-- plugins -->
@@ -814,7 +814,7 @@
                    <plugin>
                        <groupId>org.owasp</groupId>
                        <artifactId>dependency-check-maven</artifactId>
-                        <version>8.1.2</version>
+                        <version>8.2.1</version>
                        <inherited>false</inherited>
                        <configuration>
                            <skipProvidedScope>true</skipProvidedScope>