This is an automated email from the ASF dual-hosted git repository. lprimak pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/shiro.git
commit b9656950839d568f8e1034f2b1883804e21abe12
Author: lprimak <[email protected]>
AuthorDate: Thu Dec 4 18:18:57 2025 -0600
chore: fix vulnerabilities in tests reported by OpenSSF tool
---
 integration-tests/meecrowave-support/pom.xml | 27 +++++++++++++++
 pom.xml | 10 ++++++
 samples/spring-boot-3-web/pom.xml | 25 ++++++++++++++
 samples/spring-boot-web/pom.xml | 16 +++++++++
 samples/web-jakarta/pom.xml | 39 +++++++++++++++++++++-
 support/spring-boot/spring-boot-starter/pom.xml | 20 +++++++++++
 .../spring-boot/spring-boot-web-starter/pom.xml | 21 ++++++++++++
 7 files changed, 157 insertions(+), 1 deletion(-)
diff --git a/integration-tests/meecrowave-support/pom.xml b/integration-tests/meecrowave-support/pom.xml
index f6f33ce0e..323b4f15d 100644
--- a/integration-tests/meecrowave-support/pom.xml
+++ b/integration-tests/meecrowave-support/pom.xml
@@ -73,4 +73,31 @@
 </dependency>
 </dependencies>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-bom</artifactId>
+ <version>3.6.7</version>
+ <scope>import</scope>
+ <type>pom</type>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.johnzon</groupId>
+ <artifactId>johnzon-jsonb</artifactId>
+ <version>1.2.21</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-jaspic-api</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-catalina</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
 </project>
diff --git a/pom.xml b/pom.xml
index d0b7f6884..03645a930 100644
--- a/pom.xml
+++ b/pom.xml
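Review bot: The managed entries added to `integration-tests/meecrowave-support/pom.xml` (cxf-bom 3.6.7, johnzon-jsonb 1.2.21, tomcat-jaspic-api and tomcat-catalina 9.0.112) carry no comment saying which scanner finding each one answers or when it can be removed, and the same is true of the pins added in the other six files of this commit. An unexplained override tends to outlive its reason: once the upstream BOM or container manages a newer release, a literal pin keeps the module on the older one. I would put a comment above each group, for example `<!-- overrides transitive versions flagged by the OpenSSF scan; remove once upstream manages at least these versions -->`, and list the advisory IDs in the commit message. The literal `9.0.112` is also repeated across five POMs; a single property in the root `pom.xml` (a new one, e.g. `tomcat9.version`) would reduce the next security bump to one line.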
@@ -1213,6 +1213,16 @@
 </exclusion>
 </exclusions>
 </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.5.21</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.5.21</version>
+ </dependency>
 <dependency>
 <groupId>org.apache.logging.log4j</groupId>
diff --git a/samples/spring-boot-3-web/pom.xml b/samples/spring-boot-3-web/pom.xml
index c6f4acd7e..388a64842 100644
--- a/samples/spring-boot-3-web/pom.xml
+++ b/samples/spring-boot-3-web/pom.xml
@@ -117,6 +117,31 @@
 <scope>import</scope>
 <type>pom</type>
 </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>10.1.49</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-el</artifactId>
+ <version>10.1.49</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ <version>10.1.49</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.5.21</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.5.21</version>
+ </dependency>
 </dependencies>
 </dependencyManagement>
diff --git a/samples/spring-boot-web/pom.xml b/samples/spring-boot-web/pom.xml
index f55307983..6a7e53f20 100644
--- a/samples/spring-boot-web/pom.xml
+++ b/samples/spring-boot-web/pom.xml
@@ -97,6 +97,22 @@
 </exclusion>
 </exclusions>
 </dependency>
+
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-el</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ <version>9.0.112</version>
+ </dependency>
 </dependencies>
 </dependencyManagement>
diff --git a/samples/web-jakarta/pom.xml b/samples/web-jakarta/pom.xml
index 1aa6857a6..adab15570 100644
--- a/samples/web-jakarta/pom.xml
+++ b/samples/web-jakarta/pom.xml
@@ -33,7 +33,7 @@
 <properties>
 <meecrowave.version>1.2.15</meecrowave.version>
- <tomcat.version>10.1.30</tomcat.version>
+ <tomcat.version>10.1.49</tomcat.version>
 <jacoco.skip>true</jacoco.skip>
 </properties>
@@ -46,6 +46,43 @@
 <scope>import</scope>
 <type>pom</type>
 </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-bom</artifactId>
+ <version>3.6.7</version>
+ <scope>import</scope>
+ <type>pom</type>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.johnzon</groupId>
+ <artifactId>johnzon-jsonb</artifactId>
+ <version>1.2.21</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-el</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-jaspic-api</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-catalina</artifactId>
+ <version>9.0.112</version>
+ </dependency>
 </dependencies>
 </dependencyManagement>
diff --git a/support/spring-boot/spring-boot-starter/pom.xml b/support/spring-boot/spring-boot-starter/pom.xml
index f8fadeb2e..01b60a955 100644
--- a/support/spring-boot/spring-boot-starter/pom.xml
+++ b/support/spring-boot/spring-boot-starter/pom.xml
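Review bot: In `samples/web-jakarta/pom.xml` the Tomcat pins added by this hunk are on a different release line than the property the previous hunk bumps: `tomcat.version` goes to 10.1.49, while `tomcat-embed-core`, `tomcat-embed-el`, `tomcat-embed-websocket`, `tomcat-jaspic-api` and `tomcat-catalina` are managed at 9.0.112. Tomcat 9 implements the `javax.*` APIs and 10.1 the `jakarta.*` ones, so the two are not interchangeable; presumably the 9.x entries serve the Meecrowave 1.2.15 test container named in the same `<properties>` block, but nothing visible here says so. If that is the intent, record it above the entries, e.g. `<!-- Tomcat 9.x pinned for Meecrowave ${meecrowave.version}; tomcat.version covers the 10.1.x line -->`, and give the 9.x version its own property instead of five literals. If it is not, the entries should reference `${tomcat.version}` so the managed artifacts follow the line that the property bump patches.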
@@ -94,6 +94,26 @@
 </dependency>
 </dependencies>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-el</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
 <build>
 <plugins>
 <plugin>
diff --git a/support/spring-boot/spring-boot-web-starter/pom.xml b/support/spring-boot/spring-boot-web-starter/pom.xml
index 5045035ca..f75c5b074 100644
--- a/support/spring-boot/spring-boot-web-starter/pom.xml
+++ b/support/spring-boot/spring-boot-web-starter/pom.xml
@@ -64,6 +64,27 @@
 </dependency>
 </dependencies>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-el</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ <version>9.0.112</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
 <build>
 <plugins>
 <plugin>
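Review bot: The `<dependencyManagement>` block added to `spring-boot-starter`, and the identical one in `spring-boot-web-starter`, sits in modules that are published for applications to consume, yet nothing states that the `tomcat-embed-*` pins are meant only for Shiro's own build and test classpath. A consuming application that imports the Spring Boot BOM or uses its parent POM manages `tomcat-embed-*` itself, and the consuming project's management takes precedence, so these entries should not be read as fixing the Tomcat version downstream users run. A short comment would make the scope explicit, e.g. `<!-- build/test classpath only; applications resolve Tomcat from their own Spring Boot BOM -->`. It would also be worth confirming that 9.0.112 is not lower than what the Spring Boot version used by these modules already manages, since an explicit entry would then act as a downgrade.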
