Upgrade postgresql JDBC client from 42.3.3 to 42.5.0. This fixes SQL Injection: https://nvd.nist.gov/vuln/detail/CVE-2022-31197
Note that postgresql 42.3.* and 42.4.* have reached their end-of-life and should no longer be used in production:
Upgrade snakeyaml from 1.29 to 1.33 fixing Denial of Service (DoS) and Stack-based Buffer Overflow:
Upgrade rest-assured from 4.4.0 to 4.5.1 because Spring Boot uses rest-assured-bom, which exists for 4.5.0 and later but not for 4.4.0.
Upgrade folio-spring-base from 4.0.0 (Morning Glory) to 5.0.2 (Nolana).
Upgrading folio-spring-base indirectly upgrades jackson-databind from 22.214.171.124 to 126.96.36.199 fixing Denial of Service (DoS):
Upgrading folio-spring-base indirectly upgrades plexus-utils from 1.5.8 to 3.3.0 fixing Shell Command Injection, Directory Traversal, and XML External Entity (XXE) Injection:
Upgrading folio-spring-base indirectly upgrades okhttp from 3.14.9 to 4.9.3 fixing Information Exposure:
Upgrading folio-spring-base indirectly upgrades commons-text from 1.9 to 1.10.0 fixing Arbitrary Code Execution:
Upgrading folio-spring-base indirectly upgrades liquibase-core from 4.5.0 to 4.9.1 fixing XML External Entity (XXE) Injection:
Upgrading folio-spring-base indirectly upgrades rhino from 188.8.131.52 to 1.7.14 fixing XML External Entity (XXE) Injection:
Upgrading folio-spring-base indirectly upgrades spring-context from 5.3.18 to 5.3.23 fixing Improper Handling of Case Sensitivity:
Upgrading folio-spring-base indirectly upgrades spring-security-crypto from 5.6.2 to 5.7.4 fixing Integer Overflow or Wraparound:
Upgrading folio-spring-base indirectly upgrades bcprov-jdk15on from 1.68 to 1.69 fixing Cryptographic Issues:
Upgrading folio-spring-base indirectly upgrades spring-beans from 5.3.18 to 5.3.23 fixing Denial of Service (DoS):
Upgrading folio-spring-base indirectly upgrades tomcat-embed-core from 9.0.60 to 9.0.68 fixing HTTP Request Smuggling and Information Exposure:
Upgrade Spring Boot from 2.6.6 to 2.7.5.
Note that Open Source support for Spring Boot 2.6.* ends 2022-11-24:
Therefore upgrading to Spring Boot 2.7 is required for Nolana:
Upgrading Spring Boot indirectly upgrades spring-context from 5.3.18 to 5.3.23 fixing Improper Handling of Case Sensitivity:
Upgrading Spring Boot indirectly upgrades spring-security-crypto from 5.6.2 to 5.7.4 fixing Integer Overflow or Wraparound: