Fix couple of CVEs before releasing 2024.0.1 (#625)

* Updates Spring Boot to 3.3.8 and Spring Cloud to 2023.0.5 * Update Groovy to 3.0.23 This updates `org.codehaus.groovy:groovy-all` used by the `stream-applications-release-train` module to `3.0.23` to fix `CVE-2022-4065` from transitive depepdency `org.testng:testng`. * Add CVEs to .trivyignore due to `debezium-supplier` transitive dependencies.
spring-cloud · Feb 2, 2025 · 22970be · 22970be
1 parent 48a16dc
commit 22970be
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -3,6 +3,8 @@
 ################################
 CVE-2023-1428
 CVE-2023-32731
+CVE-2024-41909
+CVE-2024-7254
 
 ################################
 # Snakeyaml 1.3.3

diff --git a/stream-applications-release-train/stream-applications-descriptor/pom.xml b/stream-applications-release-train/stream-applications-descriptor/pom.xml
@@ -20,7 +20,7 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>3.0.17</version>
+            <version>3.0.23</version>
             <type>pom</type>
             <scope>compile</scope>
         </dependency>
@@ -52,7 +52,7 @@
                     <dependency>
                         <groupId>org.codehaus.groovy</groupId>
                         <artifactId>groovy-all</artifactId>
-                        <version>3.0.17</version>
+                        <version>3.0.23</version>
                         <type>pom</type>
                     </dependency>
                 </dependencies>