From 904526efdf8f387966d98be9a5e2795ea6158a90 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 10:20:32 +0000
Subject: [PATCH] fix: threadfix-importers/pom.xml & pom.xml to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-30077
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-12008931
- https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-10259368
---
 pom.xml                     | 2 +-
 threadfix-importers/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 0e2886c089..fb2cee599b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -311,7 +311,7 @@
         <servlet-api.version>3.1.0</servlet-api.version>
         <sitemesh.version>2.4.2</sitemesh.version>
         <slf4j.version>1.7.10</slf4j.version>
-        <spring.version>6.1.20</spring.version>
+        <spring.version>6.2.10</spring.version>
         <spring-ldap.version>2.0.2.RELEASE</spring-ldap.version>
         <springsecurity.version>6.4.6</springsecurity.version>
         <javax-el.version>2.2.4</javax-el.version>
diff --git a/threadfix-importers/pom.xml b/threadfix-importers/pom.xml
index 1fdd9d5765..b0eb65edeb 100644
--- a/threadfix-importers/pom.xml
+++ b/threadfix-importers/pom.xml
@@ -122,7 +122,7 @@
         <dependency>
             <groupId>commons-validator</groupId>
             <artifactId>commons-validator</artifactId>
-            <version>1.4.0</version>
+            <version>1.10.0</version>
             <scope>provided</scope>
         </dependency>
         <dependency>