Upgrade spring boot dependencies and fix snakeyaml vulnerability

esanchezros · Aug 27, 2023 · b29e1d4 · b29e1d4
1 parent 3648b7f
commit b29e1d4
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/README.adoc b/README.adoc
@@ -1,6 +1,6 @@
 image:https://dl.circleci.com/status-badge/img/gh/esanchezros/quickfixj-spring-boot-starter/tree/main.svg?style=shield["CircleCI", link="https://dl.circleci.com/status-badge/redirect/gh/esanchezros/quickfixj-spring-boot-starter/tree/main"]
 image:https://codecov.io/gh/esanchezros/quickfixj-spring-boot-starter/branch/main/graph/badge.svg?token=DhK6IBGZMS["codecov",link="https://codecov.io/gh/esanchezros/quickfixj-spring-boot-starter"]
-image:https://img.shields.io/badge/maven%20central-v2.15.4-blue.svg["Maven Central",link="https://search.maven.org/#search%7Cga%7C1%7Ca%3A%22quickfixj-spring-boot-starter%22"]
+image:https://img.shields.io/badge/maven%20central-v2.16.1-blue.svg["Maven Central",link="https://search.maven.org/#search%7Cga%7C1%7Ca%3A%22quickfixj-spring-boot-starter%22"]
 image:https://img.shields.io/hexpm/l/plug.svg["Apache 2",link="http://www.apache.org/licenses/LICENSE-2.0"]
 image:https://img.shields.io/badge/quickfixj-2.3.1-blue.svg["QuickFIX/J 2.3.1", link="https://github.com/quickfix-j/quickfixj"]
 image:https://app.codacy.com/project/badge/Grade/1c6bf92b53324a45ba587e061dc6547d["Codacy code quality", link="https://www.codacy.com/gh/esanchezros/quickfixj-spring-boot-starter/dashboard?utm_source=github.com&utm_medium=referral&utm_content=esanchezros/quickfixj-spring-boot-starter&utm_campaign=Badge_Grade"]
@@ -19,7 +19,7 @@ To use the QuickFIX/J Server or QuickFIX/J Client you need to add the QuickFIX/J
 <dependency>
     <groupId>io.allune</groupId>
     <artifactId>quickfixj-spring-boot-starter</artifactId>
-    <version>2.15.4</version>
+    <version>2.16.1</version>
 </dependency>
 ----
 
@@ -327,7 +327,7 @@ To enable the actuator endpoints you will also have to add the QuickFIX/J Spring
 <dependency>
     <groupId>io.allune</groupId>
     <artifactId>quickfixj-spring-boot-actuator</artifactId>
-    <version>2.15.4</version>
+    <version>2.16.1</version>
 </dependency>
 ----
 
@@ -724,7 +724,7 @@ To enable the actuator endpoints you will also have to add the QuickFIX/J Spring
 <dependency>
     <groupId>io.allune</groupId>
     <artifactId>quickfixj-spring-boot-actuator</artifactId>
-    <version>2.15.4</version>
+    <version>2.16.1</version>
 </dependency>
 ----
 

diff --git a/pom.xml b/pom.xml
@@ -75,11 +75,17 @@
 				<!-- Import dependency management from Spring Boot -->
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-dependencies</artifactId>
-				<version>2.7.12</version>
+				<version>2.7.15</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
 
+			<dependency>
+				<groupId>org.yaml</groupId>
+				<artifactId>snakeyaml</artifactId>
+				<version>2.1</version>
+			</dependency>
+
 			<dependency>
 				<groupId>io.allune</groupId>
 				<artifactId>quickfixj-spring-boot-dependencies</artifactId>