Is there an existing issue for this?
Problem description
We should upgrade to the latest spring-boot version to reduce the CVEs, and exclude JUnit from json-simple, as it introduces an unnecessary old JUnit version.
| Name | Installed | Fixed in | Type | Vulnerability | Severity |
| --- | --- | --- | --- | --- | --- |
| spring-web | 6.0.14 | 6.0.18 | java-archive | https://github.com/advisories/GHSA-hgjh-9rj2-g67j | High |
| spring-web | 6.0.14 | 6.0.17 | java-archive | https://github.com/advisories/GHSA-ccgv-vj62-xf9h | High |
| tomcat-embed-core | 10.1.16 | 10.1.19 | java-archive | https://github.com/advisories/GHSA-7w75-32cg-r6g2 | Medium |
| tomcat-embed-websocket | 10.1.16 | 10.1.19 | java-archive | https://github.com/advisories/GHSA-v682-8vv8-vpwr | Medium |
Proposed solution
Upgrade spring-boot to 3.1.11. This is a minor update which doesn't include any regressions or breaking changes. Also exclude the unnecessary JUnit dep from json-simple.
Additional context
No response
Forum Topic Link
No response
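The proposed change as a build-file fragment, added here as an illustration and not taken from the project's own build: it assumes a Maven build that inherits from `spring-boot-starter-parent`, and `${json-simple.version}` is a placeholder for whatever json-simple version the project already pins.

```xml
<!-- Added example; assumes Maven and spring-boot-starter-parent as the parent POM. -->
<parent>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <!-- Target version from the proposal. Spring Boot's dependency management
       then selects the spring-web and tomcat-embed-* versions, so those
       should not be pinned separately elsewhere in the POM. -->
  <version>3.1.11</version>
  <relativePath/>
</parent>

<dependencies>
  <dependency>
    <groupId>com.googlecode.json-simple</groupId>
    <artifactId>json-simple</artifactId>
    <!-- Placeholder: keep the version the project already uses. -->
    <version>${json-simple.version}</version>
    <exclusions>
      <!-- json-simple declares JUnit as a regular (non-test) dependency,
           which pulls an old JUnit onto the runtime classpath. -->
      <exclusion>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
</dependencies>
```

After the change, `mvn dependency:tree -Dincludes=junit:junit` should no longer list JUnit under json-simple, and re-running the scanner that produced the table above should confirm that the spring-web and tomcat-embed findings are resolved.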