[Snyk] Security upgrade org.springframework:spring-webmvc from 5.3.31 to 6.0.0

[pavelbe4solutions]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-8384234	545	org.springframework:spring-webmvc: 5.3.31 -> 6.0.0 Major version upgrade No Path Found No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

[dryrunsecurity]

DryRun Security Summary

The pull request updates the pom.xml file of the OWASP Benchmark application to address potential security vulnerabilities, configure deployment profiles for various application security tools, and set up static code analysis tools to identify potential security issues during the build process.

Expand for full summary

Summary:

The changes in this pull request are focused on updating the pom.xml file, which is the Maven project configuration file for the OWASP Benchmark application. The key changes include updating project dependencies, configuring deployment profiles for various application security tools, and setting up static code analysis tools.

From an application security perspective, the updates to the dependencies are important to address potential security vulnerabilities and improve the overall stability and security of the application. The deployment profiles, which include configurations for tools like Contrast Security, Seeker, and CxIAST, indicate that the Benchmark application is designed to be used with these security tools to help identify and mitigate vulnerabilities. Additionally, the inclusion of static code analysis tools, such as SpotBugs and FindSecBugs, can help identify potential security issues during the build process.

Files Changed:

• pom.xml: The changes in this file are focused on updating the project dependencies, configuring deployment profiles for various application security tools, and setting up static code analysis tools. The key changes include:
  • Updating dependencies for Spring, Tomcat, and various Apache Directory Server and LDAP-related libraries.
  • Configuring deployment profiles for tools like Contrast Security, Seeker, and CxIAST.
  • Enabling the spotless-maven-plugin to enforce code formatting rules.
  • Configuring the spotbugs-maven-plugin and findsecbugs-plugin to perform static code analysis on the Benchmark application.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

View PR in the DryRun Dashboard.