From 80a314b651332d5d49ea34db52efc5cb2bb3a3c9 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 24 Jun 2026 13:57:05 +0000 Subject: [PATCH] feature: remediate 54 dependency vulnerabilities via Spring Boot and transitive dependency upgrades - Spring Boot Parent: 3.3.3 -> 3.3.13 (latest 3.3.x patch) - Tomcat Embedded: 10.1.28 -> 10.1.55 (override) - Jackson BOM: 2.17.2 -> 2.18.8 (override) - Logback: 1.5.7 -> 1.5.33 (override) - Thymeleaf: 3.1.2.RELEASE -> 3.1.5.RELEASE (override) - MySQL Connector: mysql-connector-java 8.0.33 -> mysql-connector-j 8.3.0 (managed) - Spring Framework: 6.1.12 -> 6.1.21 (managed) - Spring Security: 6.3.3 -> 6.3.10 (managed) - maven-compiler-plugin: 3.8.0 -> 3.13.0, source/target 1.8 -> 17 Snyk scan: 87 vulns -> 33 (62% reduction) Co-Authored-By: Achal Channarasappa --- pom.xml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/pom.xml b/pom.xml index fc5bfeac..9fe468d7 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 3.3.3 + 3.3.13 com.example @@ -28,6 +28,10 @@ 17 + 3.1.5.RELEASE + 10.1.55 + 2.18.8 + 1.5.33 @@ -52,9 +56,8 @@ - mysql - mysql-connector-java - 8.0.33 + com.mysql + mysql-connector-j runtime @@ -78,10 +81,10 @@ org.apache.maven.plugins maven-compiler-plugin - 3.8.0 + 3.13.0 - 1.8 - 1.8 + 17 + 17