From 3cf7fe7b2e4aacb8db664e94d0a4fd46ac75cf19 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 21 Feb 2023 17:25:12 +0100
Subject: chore(libs): update third-party libs

 - commons-fileupload to 1.5 to fix CVE-2023-24998
---
 pom.xml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'pom.xml')

diff --git a/pom.xml b/pom.xml
index 5d00318a..a4922e16 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,8 +47,8 @@
     <io.grpc-core.version>1.42.1</io.grpc-core.version>
 
     <!-- Other third-party libs -->
-    <spring-boot-starter-web.version>2.6.12</spring-boot-starter-web.version>
-    <org.springframework.version>5.3.23</org.springframework.version>
+    <spring-boot-starter-web.version>2.7.8</spring-boot-starter-web.version>
+    <org.springframework.version>5.3.25</org.springframework.version>
     <org.opensaml.version>4.0.1</org.opensaml.version>
     <org.apache.santuario.xmlsec.version>2.3.2</org.apache.santuario.xmlsec.version>
     <org.cryptacular.version>1.2.5</org.cryptacular.version>
@@ -65,24 +65,24 @@
     <org.apache.commons-collections>3.2.2</org.apache.commons-collections>
     <org.apache.commons-collections4>4.4</org.apache.commons-collections4>
     <commons-io.version>2.11.0</commons-io.version>
-    <commons-fileupload.version>1.4</commons-fileupload.version>
+    <commons-fileupload.version>1.5</commons-fileupload.version>
 
     <javax.servlet-api>3.0.1</javax.servlet-api>
     
     <org.apache.velocity.version>2.3</org.apache.velocity.version>
     <javax.annotation-api>1.3.2</javax.annotation-api>
-    <joda-time.version>2.12.0</joda-time.version>
+    <joda-time.version>2.12.2</joda-time.version>
     <jsr305.version>3.0.2</jsr305.version>
     <com.google.guava.version>31.1-jre</com.google.guava.version>
     <org.owasp.encoder.version>1.2.3</org.owasp.encoder.version>
 
-    <httpclient.version>4.5.13</httpclient.version>
-    <httpcore.version>4.4.15</httpcore.version>
+    <httpclient.version>4.5.14</httpclient.version>
+    <httpcore.version>4.4.16</httpcore.version>
 
-    <com.fasterxml.jackson.core.version>2.13.4</com.fasterxml.jackson.core.version>
-    <com.fasterxml.jackson.databind.version>2.13.4.2</com.fasterxml.jackson.databind.version>
-    <gson.version>2.9.1</gson.version>
-    <org.bitbucket.b_c.jose4j.version>0.9.1</org.bitbucket.b_c.jose4j.version>
+    <com.fasterxml.jackson.core.version>2.14.2</com.fasterxml.jackson.core.version>
+    <com.fasterxml.jackson.databind.version>2.14.2</com.fasterxml.jackson.databind.version>
+    <gson.version>2.10.1</gson.version>
+    <org.bitbucket.b_c.jose4j.version>0.9.3</org.bitbucket.b_c.jose4j.version>
 
     <jaxen.jaxen.version>1.2.0</jaxen.jaxen.version>
     <xerces.version>2.12.2</xerces.version>
-- 
cgit v1.2.3