diff --git a/build.gradle b/build.gradle index a9fdcb7f6..c655c26ad 100644 --- a/build.gradle +++ b/build.gradle @@ -14,7 +14,7 @@ plugins { id "info.solidsoft.pitest" version '1.7.0' id 'io.spring.dependency-management' version '1.1.0' id 'org.sonarqube' version '3.1.1' - id 'org.springframework.boot' version '2.7.7' + id 'org.springframework.boot' version '2.7.11' id "org.flywaydb.flyway" version "8.5.12" id 'au.com.dius.pact' version '4.1.7' id 'org.owasp.dependencycheck' version '8.0.1' @@ -33,7 +33,7 @@ def versions = [ reformHealthStarter: '0.0.5', serenity : '2.0.76', sonarPitest : '0.5', - springBoot : '2.7.7', + springBoot : '2.7.11', springHystrix : '2.2.8.RELEASE', pact_version : '4.1.7', launchDarklySdk : "5.10.7", @@ -377,7 +377,7 @@ dependencies { implementation group: 'org.springframework', name: 'spring-core', version: versions.springVersion implementation group: 'org.springframework', name: 'spring-beans', version: versions.springVersion - implementation group: 'org.springframework.security', name: 'spring-security-core', version: '5.7.5' + implementation group: 'org.springframework.security', name: 'spring-security-core', version: '5.7.8' implementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.70' implementation group: 'ch.qos.logback', name: 'logback-core', version: versions.logback @@ -386,7 +386,6 @@ dependencies { implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: versions.log4j implementation group: 'org.apache.logging.log4j', name: 'log4j', version: versions.log4j implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: versions.log4j - implementation group: 'org.springframework.security', name: 'spring-security-core', version: '5.7.5' implementation group:"org.yaml", name: "snakeyaml", version:"1.33" //Fix for CVE-2021-29425