[Snyk] Fix for 28 vulnerabilities

[tristanrobert]

Snyk has created this PR to fix 28 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Upgrade
	External Initialization of Trusted Variables or Data Stores SNYK-JAVA-CHQOSLOGBACK-13169722	`` No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JAVA-CHQOSLOGBACK-8539865	`` No Known Exploit
	Improper Neutralization of Special Elements SNYK-JAVA-CHQOSLOGBACK-8539866	`` No Known Exploit
	Improper Neutralization of Special Elements SNYK-JAVA-CHQOSLOGBACK-8539867	`` No Known Exploit
	Uncontrolled Recursion SNYK-JAVA-COMNIMBUSDS-10691768	`` Proof of Concept
	Improper Handling of Case Sensitivity SNYK-JAVA-ORGAPACHETOMCATEMBED-10264469	`` No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGAPACHETOMCATEMBED-10365122	`` No Known Exploit
	Authentication Bypass Using an Alternate Path or Channel SNYK-JAVA-ORGAPACHETOMCATEMBED-10365310	`` No Known Exploit
	Integer Overflow or Wraparound SNYK-JAVA-ORGAPACHETOMCATEMBED-10674391	`` No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGAPACHETOMCATEMBED-10676855	`` No Known Exploit
	Session Fixation SNYK-JAVA-ORGAPACHETOMCATEMBED-11798986	`` No Known Exploit
	Improper Resource Shutdown or Release SNYK-JAVA-ORGAPACHETOMCATEMBED-11799152	`` No Known Exploit
	Improper Resource Shutdown or Release SNYK-JAVA-ORGAPACHETOMCATEMBED-13723930	`` No Known Exploit
	Relative Path Traversal SNYK-JAVA-ORGAPACHETOMCATEMBED-13733966	`` Proof of Concept
	Untrusted Search Path SNYK-JAVA-ORGAPACHETOMCATEMBED-13746602	`` No Known Exploit
	Time-of-check Time-of-use (TOCTOU) Race Condition SNYK-JAVA-ORGAPACHETOMCATEMBED-8523186	`` Proof of Concept
	Time-of-check Time-of-use (TOCTOU) Race Condition SNYK-JAVA-ORGAPACHETOMCATEMBED-8547999	`` No Known Exploit
	Path Equivalence SNYK-JAVA-ORGAPACHETOMCATEMBED-9396739	`` Mature
	Improper Cleanup on Thrown Exception SNYK-JAVA-ORGAPACHETOMCATEMBED-9905132	`` Mature
	Improper Neutralization SNYK-JAVA-ORGAPACHETOMCATEMBED-9905136	`` Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGBOUNCYCASTLE-11789695	`` No Known Exploit
	Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-10176071	`` No Known Exploit
	HTTP Response Splitting SNYK-JAVA-ORGSPRINGFRAMEWORK-10345766	`` No Known Exploit
	Relative Path Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-12008931	`` No Known Exploit
	Incorrect Authorization SNYK-JAVA-ORGSPRINGFRAMEWORK-12817817	`` No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-9804539	`` Mature
	Authentication Bypass by Primary Weakness SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-9486467	`` No Known Exploit
	Information Exposure SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744	com.squareup.okio:okio: 3.9.1 -> 3.10.0 Major version upgrade No Path Found Proof of Concept

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade com.squareup.okhttp3:logging-interceptor@4.12.0 to com.squareup.okhttp3:logging-interceptor@5.0.0; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
• Could not upgrade org.bouncycastle:bcprov-jdk18on@1.78.1 to org.bouncycastle:bcprov-jdk18on@1.79; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
• Could not upgrade org.springframework.boot:spring-boot-devtools@3.2.12 to org.springframework.boot:spring-boot-devtools@3.4.10; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
• Could not upgrade org.springframework.boot:spring-boot-starter-actuator@3.2.12 to org.springframework.boot:spring-boot-starter-actuator@3.4.11; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
• Could not upgrade org.springframework.boot:spring-boot-starter-data-jpa@3.2.12 to org.springframework.boot:spring-boot-starter-data-jpa@3.4.10; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
• Could not upgrade org.springframework.boot:spring-boot-starter-oauth2-resource-server@3.2.12 to org.springframework.boot:spring-boot-starter-oauth2-resource-server@3.4.10; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
• Could not upgrade org.springframework.boot:spring-boot-starter-web@3.2.12 to org.springframework.boot:spring-boot-starter-web@3.4.11; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
• Could not upgrade org.springframework:spring-context-support@6.1.15 to org.springframework:spring-context-support@6.2.11; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Allocation of Resources Without Limits or Throttling
🦉 Integer Overflow or Wraparound
🦉 More lessons are available in Snyk Learn

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[tristanrobert]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.