Merge branch 'tomcat-vuln-fix' into 'master'

fix CVE-2024-34750 See merge request !566

Merge branch 'tomcat-vuln-fix' into 'master'
2c6bab6e · Rustam Lotsmanenko (EPAM) · 176f2bfd · 0f1e6988 · 2c6bab6e · 2c6bab6e
Commit 2c6bab6e authored 8 months ago by Rustam Lotsmanenko (EPAM)
--- a/pom.xml
+++ b/pom.xml
@@ -14,9 +14,9 @@
        <openapi.version>1.6.14</openapi.version>
        <json-smart.version>2.5.0</json-smart.version>
        <jackson.version>2.16.1</jackson.version>
-        <spring-framework-version>6.1.6</spring-framework-version>
-        <spring-boot.version>3.2.4</spring-boot.version>
-        <spring-security.version>6.2.3</spring-security.version>
+        <spring-framework-version>6.1.10</spring-framework-version>
+        <spring-boot.version> 3.3.1</spring-boot.version>
+        <spring-security.version>6.3.1</spring-security.version>
    </properties>

    <licenses>

--- a/provider/legal-azure/pom.xml
+++ b/provider/legal-azure/pom.xml
@@ -34,33 +34,10 @@
        <osdu.corelibazure.version>0.26.0-rc6</osdu.corelibazure.version>
        <osdu.legal-core.version>0.27.0-SNAPSHOT</osdu.legal-core.version>
        <woodstox-core.version>6.4.0</woodstox-core.version>
-        <netty.version>4.1.107.Final</netty.version>
        <argLine>--add-opens java.base/java.lang=ALL-UNNAMED</argLine>
-        <reactor-netty-http.version>1.1.13</reactor-netty-http.version>
-        <azure-active-directory.version>5.10.0</azure-active-directory.version>
+        <spring-cloud-azure-starter-active-directory.version>5.13.0</spring-cloud-azure-starter-active-directory.version>
    </properties>

-    <dependencyManagement>
-        <dependencies>
-            <!-- netty-bom dependency to be declared before spring-boot-dependencies,
-           to pull all netty-transitive dependencies with same version -->
-            <dependency>
-                <groupId>io.netty</groupId>
-                <artifactId>netty-bom</artifactId>
-                <version>${netty.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-            <dependency>
-                <groupId>com.azure.spring</groupId>
-                <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
-                <version>${azure-active-directory.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
    <dependencies>
        <dependency>
            <groupId>org.opengroup.osdu.legal</groupId>
@@ -81,7 +58,7 @@
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
-            <version>${azure-active-directory.version}</version>
+            <version>${spring-cloud-azure-starter-active-directory.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>