diff --git a/.github/workflows/allow-list.xml b/.github/workflows/allow-list.xml
index 4d83aa5fa..f37a0654b 100644
--- a/.github/workflows/allow-list.xml
+++ b/.github/workflows/allow-list.xml
@@ -112,16 +112,29 @@
- We will take this on next release
+ azure-json jar is for json parsing , we dont use it
- CVE-2024-45772
+ CVE-2023-5072
+
+
+
+ javax.json jar is non vulnerable
+
+ CVE-2023-5072
- We will take this on next release
+ we are not using Microsoft Teams online service for display name
CVE-2020-10146
-
+
+
+
+ Not using file download feature with “Content-Disposition” header with a non-ASCII charset
+
+ CVE-2025-41234
+
+
diff --git a/demos/rooms-bot/pom.xml b/demos/rooms-bot/pom.xml
index fff52e3e8..467552e5a 100644
--- a/demos/rooms-bot/pom.xml
+++ b/demos/rooms-bot/pom.xml
@@ -6,7 +6,7 @@
org.finos.springbot
spring-bot
- 10.0.2
+ 10.0.2-SNAPSHOT
../../pom.xml
@@ -23,12 +23,12 @@
org.finos.springbot
symphony-bdk-chat-workflow-spring-boot-starter
- 10.0.2
+ 10.0.2-SNAPSHOT
org.finos.springbot
teams-chat-workflow-spring-boot-starter
- 10.0.2
+ 10.0.2-SNAPSHOT
diff --git a/libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml b/libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml
index 8ecce99d2..efb27c0f3 100644
--- a/libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml
+++ b/libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml
@@ -16,6 +16,9 @@
17
17
+ 12.25.3
+ 4.5.13
+ 10.1.42
@@ -24,6 +27,18 @@
chat-workflow
10.0.2-SNAPSHOT
+
+
+ com.microsoft.azure
+ msal4j
+ ${azure-msal4j.version}
+
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-core
+ ${tomcat-embed-core.version}
+
@@ -32,110 +47,38 @@
${teams.version}
compile
-
+
- com.microsoft.bot
- bot-azure
- ${teams.version}
- compile
-
-
+ com.microsoft.bot
+ bot-azure
+ ${teams.version}
+ compile
+
org.json
json
-
- com.azure
- azure-storage-blob
-
-
- com.google.guava
- guava
-
-
- org.apache.httpcomponents
- httpclient
-
-
-
-
- com.microsoft.azure
- msal4j
- ${azure-msal4j.version}
-
-
-
- com.microsoft.bot
- bot-builder
- ${teams.version}
- compile
-
-
- com.squareup.okio
- okio-jvm
-
-
- com.google.guava
- guava
-
-
- com.nimbusds
- nimbus-jose-jwt
-
-
-
-
-
- io.netty
- netty-codec-http
- ${netty-codec.version}
-
- io.netty
- netty-handler
- ${netty-handler.version}
-
-
com.azure
- azure-storage-blob
- 12.25.3
-
-
- com.azure
- azure-core-http-netty
-
-
+ azure-storage-blob
+ ${azure-storage-blob.version}
-
+
com.azure
- azure-core-http-netty
- ${azure-core-http-netty.version}
+ azure-core-http-netty
+ ${azure-core-http-netty.version}
-
- com.nimbusds
- nimbus-jose-jwt
- 9.37.2
-
-
org.apache.httpcomponents
- httpclient
- 4.5.13
+ httpclient
+ ${httpclient.version}
-
-
-
- com.squareup.okio
- okio-jvm
- ${okio-jvm.version}
-
-
+
org.jsoup
@@ -149,20 +92,22 @@
js
${graalvm.version}
-
-
+
+
+
+
- org.springframework.boot
- spring-boot-starter-thymeleaf
+ org.springframework.boot
+ spring-boot-starter-thymeleaf
-
+
com.google.guava
- guava
- ${guava.version}
+ guava
+ ${guava.version}
-
+
diff --git a/pom.xml b/pom.xml
index 583cc7081..f8123ae79 100644
--- a/pom.xml
+++ b/pom.xml
@@ -53,31 +53,19 @@
17
17
17
-
- 2.16.2
- 2.16.2
- 2.16.2
- 4.4.0
- 1.3.5
1.15.0
+ 1.3.5
4.14.3
- 12.20.1
- 3.4.0
32.1.0-jre
1.17.2
23.0.3
3.0.0
-
-
1.15.11
- 9.9.1
4.5.13
4.5.7
- 12.25.3
- 4.1.115.Final
- 4.1.115.Final
1.16.1
+ 1.16
@@ -219,31 +207,7 @@
-
-
- com.fasterxml.jackson.core
- jackson-databind
- ${jackson-databind.version}
-
-
- com.fasterxml.jackson.core
- jackson-core
- ${jackson.version}
-
-
-
- com.fasterxml.jackson.core
- jackson-annotations
- ${jackson-annotations.version}
-
-
org.springframework.boot
spring-boot-dependencies
@@ -265,17 +229,8 @@
com.codepoetics
protonpack
- 1.16
-
-
-
-
- org.yaml
- snakeyaml
- 2.2
-
-
+ ${protonpack.version}
+