[Improvement][Seatunnel-web] dom4j-1.6.1.jar has multiple CVEs, updat…

…e the versions-maven-plugin version to avoid downloading the vulnerable version (#209)
apache · Sep 9, 2024 · ee671d3 · ee671d3
1 parent 70e526a
commit ee671d3
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -86,6 +86,7 @@
         <flatten-maven-plugin.version>1.3.0</flatten-maven-plugin.version>
         <maven-remote-resources-plugin.version>3.2.0</maven-remote-resources-plugin.version>
         <maven-site-plugin.version>4.0.0-M16</maven-site-plugin.version>
+        <versions-maven-plugin.version>2.14.1</versions-maven-plugin.version>
 
         <spring-boot.version>2.6.8</spring-boot.version>
         <spring.version>5.3.20</spring.version>
@@ -1429,6 +1430,11 @@
                     <artifactId>maven-dependency-plugin</artifactId>
                     <version>${maven-dependency-plugin.version}</version>
                 </plugin>
+                <plugin>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>versions-maven-plugin</artifactId>
+                    <version>${versions-maven-plugin.version}</version>
+                </plugin>
 
                 <plugin>
                     <groupId>com.diffplug.spotless</groupId>