[Snyk] Security upgrade org.springframework:spring-webmvc from 5.3.31 to 6.1.13

[pavelbe4solutions]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Path Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-7945490	635	org.springframework:spring-webmvc: 5.3.31 -> 6.1.13 Major version upgrade No Path Found No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Path Traversal

[dryrunsecurity]

DryRun Security Summary

The pull request focuses on updating the deployment configuration of the OWASP Benchmark application, including changes to the maven-antrun-plugin and cargo-maven3-plugin configurations, the addition of tasks to run the application and manage the database, the configuration of HTTPS and JVM arguments for the Tomcat server, and the integration of security tools (Contrast, Seeker, and CxIAST) into the deployment process.

Expand for full summary

Summary:

The code changes in this pull request are primarily focused on the deployment configuration of the OWASP Benchmark application. The changes involve updates to the maven-antrun-plugin and cargo-maven3-plugin configurations, which are used to manage the deployment of the application to a Tomcat server.

The key changes include the addition of tasks to run the application, start the database server, and initialize the database. The cargo-maven3-plugin configurations have been updated to use the tomcat${tomcat.major.version}x container, set the application to be deployed on HTTPS, and configure various HTTPS-related settings for the Tomcat server. Additionally, the changes include the configuration of JVM arguments for the Tomcat server, as well as the integration of several security tools (Contrast, Seeker, and CxIAST) into the deployment process.

From an application security perspective, the changes related to the HTTPS configuration are important, as they ensure that the application is accessed over a secure channel, protecting the communication between the client and the server. The integration of security tools can also help identify and address security vulnerabilities in the application during the deployment process.

Files Changed:

• pom.xml: This file contains the deployment configuration for the OWASP Benchmark application. The changes include updates to the maven-antrun-plugin and cargo-maven3-plugin configurations, as well as the addition of several profiles for integrating different security tools (Contrast, Seeker, and CxIAST) into the deployment process.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.