CVE-2024-30172: fix security vulnerability (#807)

* CVE-2024-30172: fix security vulnerability * update spring version to latest
finos · Oct 18, 2024 · a709743 · a709743
1 parent 78af75a
commit a709743
Showing 1 changed file with 11 additions and 11 deletions.
diff --git a/symphony-bdk-bom/build.gradle b/symphony-bdk-bom/build.gradle
@@ -16,13 +16,13 @@ repositories {
 
 dependencies {
     // import Spring Boot's BOM
-    api platform('org.springframework.boot:spring-boot-dependencies:3.2.4')
+    api platform('org.springframework.boot:spring-boot-dependencies:3.3.4')
     // import Jackson's BOM
-    api platform('com.fasterxml.jackson:jackson-bom:2.16.0')
+    api platform('com.fasterxml.jackson:jackson-bom:2.18.0')
     // import Jersey's BOM
-    api platform('org.glassfish.jersey:jersey-bom:3.1.5')
+    api platform('org.glassfish.jersey:jersey-bom:3.1.9')
     // import Log4j's BOM
-    api platform('org.apache.logging.log4j:log4j-bom:2.22.0')
+    api platform('org.apache.logging.log4j:log4j-bom:2.24.1')
 
     // define all our dependencies versions
     constraints {
@@ -48,15 +48,15 @@ dependencies {
         api 'org.slf4j:slf4j-api:2.0.9'
         api 'org.slf4j:slf4j-log4j12:2.0.9'
 
-        api 'commons-io:commons-io:2.15.1'
-        api 'commons-codec:commons-codec:1.16.0'
+        api 'commons-io:commons-io:2.17.0'
+        api 'commons-codec:commons-codec:1.17.1'
         api 'commons-beanutils:commons-beanutils:1.9.4'
-        api 'org.apache.commons:commons-lang3:3.14.0'
-        api 'org.apache.commons:commons-text:1.11.0'
-        api 'commons-logging:commons-logging:1.3.0'
+        api 'org.apache.commons:commons-lang3:3.17.0'
+        api 'org.apache.commons:commons-text:1.12.0'
+        api 'commons-logging:commons-logging:1.3.4'
         api 'com.brsanthu:migbase64:2.2'
         api 'io.jsonwebtoken:jjwt:0.9.1'
-        api 'org.bouncycastle:bcpkix-jdk18on:1.77'
+        api 'org.bouncycastle:bcpkix-jdk18on:1.78'
         api 'com.google.code.findbugs:jsr305:3.0.2'
 
         api 'io.github.resilience4j:resilience4j-retry:2.2.0'
@@ -66,7 +66,7 @@ dependencies {
 
         api 'org.projectreactor:reactor-spring:1.0.1.RELEASE'
 
-        api 'org.freemarker:freemarker:2.3.32'
+        api 'org.freemarker:freemarker:2.3.33'
         api 'com.github.jknack:handlebars:4.3.1'
         api 'org.reflections:reflections:0.10.2'