Commit 1356f05a authored by cdanger's avatar cdanger

-upgrade compile deps: spring: 4.3.12 -> 4.3.14, cxf: 3.2.1 -> 3.2.4,

logback-ext-spring: 0.1.4 -> 0.1.5, logback-classic: 1.2.2 -> 1.2.3,
Saxon-HE: 9.7.0-14 -> 9.8.0-12
- upgrade plugin version dependency-check-maven: 3.0.2 -> 3.2.1
parent b5a61a4a
......@@ -23,8 +23,8 @@
<jaxb2-value-constructor.version>3.0</jaxb2-value-constructor.version>
<slf4j.version>1.7.25</slf4j.version>
<!-- This version must match the Spring version used by 'logback-ext-spring' in dependencyManagement. -->
<spring.version>4.3.12.RELEASE</spring.version>
<cxf.version>3.2.1</cxf.version>
<spring.version>4.3.14.RELEASE</spring.version>
<cxf.version>3.2.4</cxf.version>
</properties>
<url>${project.url}</url>
<inceptionYear>2012</inceptionYear>
......@@ -93,14 +93,14 @@
<groupId>org.logback-extensions</groupId>
<artifactId>logback-ext-spring</artifactId>
<!-- TODO: upgrade so that logback-classic dependency version matches below -->
<version>0.1.4</version>
<version>0.1.5</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<!-- This version must match the version used by the one of 'logback-ext-spring' above. -->
<!-- Versions before 1.2.0 (excluded) affected by CVE-2017-5929 -->
<version>1.2.2</version>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
......@@ -155,7 +155,7 @@
<dependency>
<groupId>net.sf.saxon</groupId>
<artifactId>Saxon-HE</artifactId>
<version>9.7.0-14</version>
<version>9.8.0-12</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
......@@ -251,7 +251,7 @@
<!-- Consider combining with Red Hat Victims and OSS Index. More info on Victims vs. Dependency-check: https://bugzilla.redhat.com/show_bug.cgi?id=1388712 -->
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>3.0.2</version>
<version>3.2.1</version>
</plugin>
<plugin>
<groupId>org.jvnet.jaxb2.maven2</groupId>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment