From 44fb747f7f3eedea6f29b23457e1fd6b3b80ff74 Mon Sep 17 00:00:00 2001
From: Stephan <derlinuxer@sberg.net>
Date: Thu, 12 Oct 2023 21:15:30 +0200
Subject: [PATCH] Vulnerabilities updates (fix level: critical and high) (#7)

* maven updates

* maven updates

* maven updates

* maven updates

* maven updates
---
 CHANGELOG.md |  8 ++++++++
 pom.xml      | 20 ++++++++++++++++----
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fdd0565..dbb7ece 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+## [0.19.1]
+
+### Fixed
+- Vulnerabilities updates
+  - spring-boot-parent
+  - webjars-locator
+  - snakeyaml
+
 ## [0.19.0]
 
 ### Added
diff --git a/pom.xml b/pom.xml
index 5270764..d0a46d1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,14 +5,14 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.0.4</version>
+        <version>3.1.4</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>net.sberg</groupId>
     <artifactId>openkim</artifactId>
-    <version>0.19.0</version>
+    <version>0.19.1</version>
     <name>openkim</name>
-    <description>Open KIM Client Modul</description>
+    <description>Open KIM Client Modul </description>
 
     <properties>
         <logback.version>1.4.5</logback.version>
@@ -31,6 +31,18 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
+            <exclusions>
+                <!-- exclude snakeyaml version 1.33 (with Vulnerabilities), newer version 2.2 is set later-->
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>2.2</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -211,7 +223,7 @@
         <dependency>
             <groupId>org.webjars</groupId>
             <artifactId>webjars-locator</artifactId>
-            <version>0.45</version>
+            <version>0.47</version>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>