[EDELIVERY-13982] upgrade libraries

58acf23e · Joze RIHTARSIC · eca83584 · 58acf23e · 58acf23e · 58acf23e
Commit 58acf23e authored 5 months ago by Joze RIHTARSIC
--- a/owasp-false-positive-warnings.xml
+++ b/owasp-false-positive-warnings.xml
@@ -92,4 +92,23 @@
        <packageUrl regex="true">^pkg:maven/joda\-time/joda\-time@.*$</packageUrl>
        <vulnerabilityName>CVE-2024-23080</vulnerabilityName>
    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: protobuf-java-3.25.1.jar
+   This is the transitive library of the mysql-connector-j:jar:8.4.0: Check if this is needed when using Mysql-connector-java is upgrades.
+   The is added only for the spring boot demo module which is used only for the Demo and testing. Final smp.war artefact does not include this library.
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-java@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-7254</vulnerabilityName>
+    </suppress>
+
+    <suppress>
+        <notes><![CDATA[
+   file name: spring-webmvc-5.3.39.jar
+    The vulnerability is not exploitable by SMP usage of the library.
+    The application does not serve static resources through the functional web frameworks WebMvc.fn or WebFlux.
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.springframework/spring-webmvc@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-38816</vulnerabilityName>
+    </suppress>
 </suppressions>
--- a/pom.xml
+++ b/pom.xml
@@ -57,7 +57,7 @@ See the Licence for the specific language governing permissions and limitations
        <bdmsl-api.version>4.3</bdmsl-api.version>
        <!-- plugin versions -->
        <maven-enforcer-plugin.version>3.4.1</maven-enforcer-plugin.version>
-        <plugin.dependency-check-maven.version>10.0.1</plugin.dependency-check-maven.version>
+        <plugin.dependency-check-maven.version>10.0.4</plugin.dependency-check-maven.version>
        <plugin.jacoco-maven-plugin.version>0.8.11</plugin.jacoco-maven-plugin.version>
        <plugin.license-maven-plugin.version>2.4.0</plugin.license-maven-plugin.version>
        <plugin.maven-antrun-plugin.version>3.1.0</plugin.maven-antrun-plugin.version>
@@ -72,16 +72,16 @@ See the Licence for the specific language governing permissions and limitations
        <plugin.maven-surefire-plugin.version>3.2.2</plugin.maven-surefire-plugin.version>
        <plugin.maven-war-plugin.version>3.4.0</plugin.maven-war-plugin.version>

-        <aspectj.version>1.9.22</aspectj.version>
+        <aspectj.version>1.9.22.1</aspectj.version>
        <commons-beanutils.version>1.9.4</commons-beanutils.version>
        <commons-collections.version>3.2.2</commons-collections.version>
-        <commons-io.version>2.15.1</commons-io.version>
-        <commons-lang3.version>3.14.0</commons-lang3.version>
+        <commons-io.version>2.17.0</commons-io.version>
+        <commons-lang3.version>3.17.0</commons-lang3.version>
        <commons-fileupload.version>1.5</commons-fileupload.version>
-        <commons-net.version>3.10.0</commons-net.version>
-        <commons-validator.version>1.8.0</commons-validator.version>
-        <cxf-xjc-runtime.version>3.3.2</cxf-xjc-runtime.version>
-        <cxf.version>3.5.8</cxf.version>
+        <commons-net.version>3.11.1</commons-net.version>
+        <commons-validator.version>1.9.0</commons-validator.version>
+        <cxf-xjc-runtime.version>3.3.4</cxf-xjc-runtime.version>
+        <cxf.version>3.5.9</cxf.version>
        <ehcache.version>3.10.8</ehcache.version>
        <h2.version>2.2.224</h2.version>
        <hamcrest.version>2.2</hamcrest.version>
@@ -89,30 +89,30 @@ See the Licence for the specific language governing permissions and limitations
        <hibernate.validator.version>7.0.5.Final</hibernate.validator.version>
        <hibernate.version>5.6.15.Final</hibernate.version>
        <httpclient.version>4.5.14</httpclient.version>
-        <jackson.version>2.17.0</jackson.version>
+        <jackson.version>2.17.2</jackson.version>
        <javaee-api.version>7.0</javaee-api.version>
        <javax.annotation.version>1.3.2</javax.annotation.version>
        <javax.mail.version>1.6.2</javax.mail.version>
        <jaxb2-basics.version>1.11.1</jaxb2-basics.version>
        <org.glassfish.jaxb.jaxb-runtime.version>2.3.9</org.glassfish.jaxb.jaxb-runtime.version>
        <jakarta.xml.bind-api.version>2.3.3</jakarta.xml.bind-api.version>
-        <junit-jupiter.version>5.10.2</junit-jupiter.version>
+        <junit-jupiter.version>5.11.0</junit-jupiter.version>
        <junit-platform-surefire-provider.version>1.3.2</junit-platform-surefire-provider.version>
        <junitparams.version>1.1.1</junitparams.version>
        <!-- Use logback 1.2.x because is the one used by springboot 5.7. Changing to 1.3+ will break springboot logging. -->
        <slf4j.version>1.7.36</slf4j.version>
        <logback.version>1.2.13</logback.version>
-        <mysql.jdbc.version>8.3.0</mysql.jdbc.version>
+        <mysql.jdbc.version>8.4.0</mysql.jdbc.version>
        <metro.version>2.2.1-1</metro.version>
        <mockito.version>4.11.0</mockito.version>
        <jakarta.servlet-api.version>4.0.2</jakarta.servlet-api.version>

        <spring-modules-jakarta-commons.version>0.8</spring-modules-jakarta-commons.version>
        <spring-boot.version>2.7.18</spring-boot.version>
-        <spring-boot.tomcat.version>9.0.88</spring-boot.tomcat.version>
-        <spring.security.version>5.8.12</spring.security.version>
-        <spring.version>5.3.36</spring.version>
-        <xmlunit.version>2.9.1</xmlunit.version>
+        <spring-boot.tomcat.version>9.0.95</spring-boot.tomcat.version>
+        <spring.security.version>5.8.14</spring.security.version>
+        <spring.version>5.3.39</spring.version>
+        <xmlunit.version>2.10.0</xmlunit.version>

        <!-- plugins -->
        <plugin.frontend-maven-plugin.version>1.15.0</plugin.frontend-maven-plugin.version>

--- a/smp-angular/package-lock.json
+++ b/smp-angular/package-lock.json