Update Spring Boot and xmlunit-core

to get rid of vulnerabilites found by maven-enforcer (banVulnerable).
svekar · Jun 2, 2024 · 1d0845d · 1d0845d
1 parent 1262d1d
commit 1d0845d
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -15,13 +15,20 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<spring.boot.version>3.1.3</spring.boot.version>
+		<spring.boot.version>3.3.0</spring.boot.version>
 		<java.version>19</java.version>
 		<maven.compiler.release>19</maven.compiler.release>
 	</properties>
 
 	<dependencyManagement>
 		<dependencies>
+			<!-- Overriden, since spring-boot-starter-test 3.3.0 pulls in a
+			     vulnerable version (CVE-2024-31573). -->
+			<dependency>
+				<groupId>org.xmlunit</groupId>
+				<artifactId>xmlunit-core</artifactId>
+				<version>2.10.0</version>
+			</dependency>
 			<dependency>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-dependencies</artifactId>