Addresses EBISPOT/lodestar#20 by updating spring, and overriding some of the libraries depended on by other libraries so as to avoid CVEs. Apache Jena itself is not patched as Virt-jena does not claim support for anything past jena 2.6.2, and we are already using jena 2.12.0. Attempts to build with jena 2.13.0 worked. Selenium driven tests of MeSH RDF worked after these patches.
These library version numbers could be pushed up to the master pom as properties.
This includes the changes in pull request #17 which can be separated if desirable.
Addresses EBISPOT/lodestar#20 by updating spring, and overriding some of the libraries depended on by other libraries so as to avoid CVEs. Apache Jena itself is not patched as Virt-jena does not claim support for anything past jena 2.6.2, and we are already using jena 2.12.0. Attempts to build with jena 2.13.0 worked. Selenium driven tests of MeSH RDF worked after these patches.
These library version numbers could be pushed up to the master pom as properties.
This includes the changes in pull request #17 which can be separated if desirable.