Vulnerabilities updates (fix level: critical and high) (#7)

* maven updates * maven updates * maven updates * maven updates * maven updates
sberg-net · Oct 12, 2023 · 44fb747 · 44fb747
1 parent 284a9cd
commit 44fb747
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+## [0.19.1]
+
+### Fixed
+- Vulnerabilities updates
+  - spring-boot-parent
+  - webjars-locator
+  - snakeyaml
+
 ## [0.19.0]
 
 ### Added

diff --git a/pom.xml b/pom.xml
@@ -5,14 +5,14 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.0.4</version>
+        <version>3.1.4</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>net.sberg</groupId>
     <artifactId>openkim</artifactId>
-    <version>0.19.0</version>
+    <version>0.19.1</version>
     <name>openkim</name>
-    <description>Open KIM Client Modul</description>
+    <description>Open KIM Client Modul </description>
 
     <properties>
         <logback.version>1.4.5</logback.version>
@@ -31,6 +31,18 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
+            <exclusions>
+                <!-- exclude snakeyaml version 1.33 (with Vulnerabilities), newer version 2.2 is set later-->
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>2.2</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -211,7 +223,7 @@
         <dependency>
             <groupId>org.webjars</groupId>
             <artifactId>webjars-locator</artifactId>
-            <version>0.45</version>
+            <version>0.47</version>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>