chore: Update dependencies to avoid vulnerabilities V2 (#3074)

Signed-off-by: Pavel Jareš <[email protected]>
zowe · Sep 13, 2023 · 011c983 · 011c983
1 parent 2650e72
commit 011c983
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/build.gradle b/build.gradle
@@ -101,6 +101,10 @@ allprojects {
             //substitute(module('javax.inject:javax.inject:1')).using(module('jakarta.inject:jakarta.inject-api:1.0.5'))
             substitute(module('javax.activation:javax.activation-api:1.0')).using(module('jakarta.activation:jakarta.activation-api:1.2.2'))
         }
+
+        resolutionStrategy.force libs.slf4j.api
+        resolutionStrategy.force libs.log4j.api
+        resolutionStrategy.force libs.log4j.to.slf4j
     }
 }
 

diff --git a/gradle/versions.gradle b/gradle/versions.gradle
@@ -5,10 +5,10 @@ dependencyResolutionManagement {
             version('projectNode', '18.14.0')
             version('projectNpm', '9.3.1')
 
-            version('springBoot', '2.7.12')
+            version('springBoot', '2.7.15')
             version('springCloud', '2.2.10.RELEASE')
-            version('springCloudCommons', '3.1.6')
-            version('springCloudVersion3', '3.1.6')
+            version('springCloudCommons', '3.1.7')
+            version('springCloudVersion3', '3.1.7')
             version('springCloudCB', '2.1.7')
             version('springCloudGateway', '3.1.7')
             version('springSecurity') {
@@ -48,7 +48,7 @@ dependencyResolutionManagement {
             version('gradleGitProperties', '2.2.4') // Used in classpath dependencies
             version('gradleNode', '3.0.1') // Used in classpath dependencies
             version('gson', '2.9.1')
-            version('guava', '31.1-jre')
+            version('guava', '32.1.2-jre')
             version('hamcrest', '1.3')
             version('httpClient', '4.5.14')
             version('httpCore', '4.4.16')
@@ -109,7 +109,7 @@ dependencyResolutionManagement {
             version('restAssured', '5.3.0')
             version('rhino', '1.7.14')
             version('slf4j', '1.7.36')
-            version('snakeyaml', '2.0')
+            version('snakeyaml', '2.2')
             version('springFox', '2.9.2')
             version('springDoc') {
                 // version 1.7+ has a conflict with Jackson databind (displaying of examples)
@@ -122,7 +122,7 @@ dependencyResolutionManagement {
             version('swaggerCore', '1.6.10')
             version('swaggerInflector', '2.0.9')
             version('swaggerJaxrs2', '2.2.9')
-            version('thymeleaf', '3.0.15.RELEASE')
+            version('thymeleaf', '3.1.2.RELEASE')
             version('tomcat', '9.0.75')
             version('velocity', '2.3')
             version('woodstoxCore', '6.5.1')