Merge pull request medizininformatik-initiative#283 from medizininfor…

…matik-initiative/feature/282-update-spring-boot medizininformatik-initiative#282 - Update Spring Boot
geloro94 · Apr 23, 2024 · 9b88a4d · 9b88a4d
2 parents 9d9bb31 + f54d820
commit 9b88a4d
Showing 1 changed file with 1 addition and 22 deletions.
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>3.2.4</version>
+    <version>3.2.5</version>
     <relativePath /> <!-- lookup parent from repository -->
   </parent>
 
@@ -61,22 +61,9 @@
       <artifactId>spring-boot-starter-data-jpa</artifactId>
     </dependency>
 
-    <!-- Fix CVE-2024-29025. Remove exclusion and manual inclusion when update is included in spring-boot-starter-webflux -->
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-webflux</artifactId>
-      <exclusions>
-        <exclusion>
-          <groupId>io.netty</groupId>
-          <artifactId>netty-codec-http</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-
-    <dependency>
-      <groupId>io.netty</groupId>
-      <artifactId>netty-codec-http</artifactId>
-      <version>4.1.108.Final</version>
     </dependency>
 
     <dependency>
@@ -293,14 +280,6 @@
       <scope>test</scope>
     </dependency>
 
-    <!-- This dependency is only added to address a vulnerability in  org.springframework.boot-->
-    <!-- Remove this once the vulnerability is adressed in the next version -->
-    <dependency>
-      <groupId>org.yaml</groupId>
-      <artifactId>snakeyaml</artifactId>
-      <version>2.0</version>
-    </dependency>
-
     <dependency>
       <groupId>io.projectreactor</groupId>
       <artifactId>reactor-test</artifactId>