Merge pull request #4805 from nscuro/bump-deps-

nscuro · web-flow · commit db5d1bb3490e · 2025-04-02T12:53:50.000+02:00
Bump dependencies that Dependabot missed
diff --git a/pom.xml b/pom.xml
@@ -87,22 +87,22 @@
         <!-- Dependency Versions -->
         <frontend.version>4.12.7</frontend.version>
         <lib.alpine.version>${project.parent.version}</lib.alpine.version>
-        <lib.awaitility.version>4.2.2</lib.awaitility.version>
+        <lib.awaitility.version>4.3.0</lib.awaitility.version>
         <lib.brotli-decoder.version>0.1.2</lib.brotli-decoder.version>
-        <lib.checkstyle.version>10.20.2</lib.checkstyle.version>
+        <lib.checkstyle.version>10.22.0</lib.checkstyle.version>
         <lib.aws-advanced-jdbc-wrapper.version>2.5.5</lib.aws-advanced-jdbc-wrapper.version>
         <lib.cloud-sql-connector-jdbc-sqlserver.version>1.24.1</lib.cloud-sql-connector-jdbc-sqlserver.version>
-        <lib.cloud-sql-mysql-socket-factory-connector-j-8.version>1.21.0</lib.cloud-sql-mysql-socket-factory-connector-j-8.version>
-        <lib.cloud-sql-postgres-socket-factory.version>1.21.0</lib.cloud-sql-postgres-socket-factory.version>
+        <lib.cloud-sql-mysql-socket-factory-connector-j-8.version>1.24.1</lib.cloud-sql-mysql-socket-factory-connector-j-8.version>
+        <lib.cloud-sql-postgres-socket-factory.version>1.24.1</lib.cloud-sql-postgres-socket-factory.version>
         <lib.cpe-parser.version>3.0.0</lib.cpe-parser.version>
         <lib.commons-compress.version>1.27.1</lib.commons-compress.version>
         <lib.commons-text.version>1.13.0</lib.commons-text.version>
         <lib.cvss-calculator.version>1.4.2</lib.cvss-calculator.version>
         <lib.owasp-rr-calculator.version>1.0.1</lib.owasp-rr-calculator.version>
-        <lib.cyclonedx-java.version>9.1.0</lib.cyclonedx-java.version>
+        <lib.cyclonedx-java.version>10.2.1</lib.cyclonedx-java.version>
         <lib.greenmail.version>2.1.3</lib.greenmail.version>
-        <lib.jackson.version>2.18.0</lib.jackson.version>
-        <lib.jackson-databind.version>2.18.0</lib.jackson-databind.version>
+        <lib.jackson.version>2.18.3</lib.jackson.version>
+        <lib.jackson-databind.version>2.18.3</lib.jackson-databind.version>
         <lib.json-java.version>20250107</lib.json-java.version>
         <lib.json-unit.version>4.1.0</lib.json-unit.version>
         <lib.junit.version>4.13.2</lib.junit.version>
@@ -114,7 +114,7 @@
         <lib.pebble.version>3.2.3</lib.pebble.version>
         <lib.protobuf-java.version>4.30.2</lib.protobuf-java.version>
         <lib.resilience4j.version>2.2.0</lib.resilience4j.version>
-        <lib.swagger-parser.version>2.1.22</lib.swagger-parser.version>
+        <lib.swagger-parser.version>2.1.25</lib.swagger-parser.version>
         <lib.system-rules.version>1.19.0</lib.system-rules.version>
         <lib.testcontainers.version>1.20.6</lib.testcontainers.version>
         <lib.wiremock.version>2.35.2</lib.wiremock.version>
@@ -128,7 +128,7 @@
         <!-- JDBC Drivers -->
         <lib.jdbc-driver.mssql.version>12.10.0.jre11</lib.jdbc-driver.mssql.version>
         <lib.jdbc-driver.mysql.version>8.2.0</lib.jdbc-driver.mysql.version>
-        <lib.jdbc-driver.postgresql.version>42.7.4</lib.jdbc-driver.postgresql.version>
+        <lib.jdbc-driver.postgresql.version>42.7.5</lib.jdbc-driver.postgresql.version>
         <!-- Maven Plugin Properties -->
         <plugin.retirejs.breakOnFailure>false</plugin.retirejs.breakOnFailure>
         <plugin.jetty.version>12.0.18</plugin.jetty.version>
@@ -153,24 +153,6 @@
         </repository>
     </repositories>
 
-    <dependencyManagement>
-        <dependencies>
-            <!--
-              Resolve CVE-2024-57699 (https://github.com/advisories/GHSA-pq2g-wx69-c263).
-              Highly unlikely to be exploitable in DT or Alpine, but we're bumping the
-              version anyway since the update is low-risk and reduces scanner noise.
-
-              TODO: Remove this when bumping Alpine to >= 3.2.0, which includes a version
-               of com.nimbusds:oauth2-oidc-sdk pulling in a newer json-smart version, too.
-            -->
-            <dependency>
-                <groupId>net.minidev</groupId>
-                <artifactId>json-smart</artifactId>
-                <version>2.5.2</version>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
     <dependencies>
         <!-- Alpine -->
         <dependency>
