chore(deps): update dependencies (Kotlin 1.9.22, Spring Boot 3.2.2)

Several dependencies which had been added to include CVE fixes have been removed, since the CVEs have been addressed by Spring Boot.
digitalservicebund · Jan 22, 2024 · 68c5ccb · 68c5ccb
1 parent df51c83
commit 68c5ccb
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 18 deletions.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -41,16 +41,6 @@ dependencies {
     implementation(libs.kotlin.stdlib.jdk8)
     implementation(libs.kotlinx.coroutines.reactor)
 
-    // CVE-2023-6378 / CVE-2023-6481
-    implementation(libs.logback.classic)
-    implementation(libs.logback.core)
-
-    // CVE-2022-1471
-    implementation(libs.snakeyaml)
-
-    // CVE-2023-34062
-    implementation(libs.reactor.netty.http)
-
     developmentOnly(libs.spring.boot.devtools)
 }
 

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -1,9 +1,8 @@
 [versions]
 # @keep
 jacoco = "0.8.10"
-kotlin = "1.9.21"
-logback = "1.4.14"
-spring-boot = "3.2.0"
+kotlin = "1.9.22"
+spring-boot = "3.2.2"
 
 [libraries]
 archunit-junit5 = "com.tngtech.archunit:archunit-junit5:1.2.1"
@@ -12,12 +11,8 @@ kotlin-bom = { module = "org.jetbrains.kotlin:kotlin-bom", version.ref = "kotlin
 kotlin-reflect = { module = "org.jetbrains.kotlin:kotlin-reflect" }
 kotlin-stdlib-jdk8 = { module = "org.jetbrains.kotlin:kotlin-stdlib-jdk8" }
 kotlinx-coroutines-reactor = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-reactor" }
-logback-classic = { module = "ch.qos.logback:logback-classic", version.ref = "logback" }
-logback-core = { module = "ch.qos.logback:logback-core", version.ref = "logback" }
 reactor-kotlin-extensions = { module = "io.projectreactor.kotlin:reactor-kotlin-extensions" }
-reactor-netty-http = "io.projectreactor.netty:reactor-netty-http:1.1.13"
 reactor-test = { module = "io.projectreactor:reactor-test" }
-snakeyaml = "org.yaml:snakeyaml:2.2"
 spring-boot-devtools = { module = "org.springframework.boot:spring-boot-devtools" }
 spring-boot-starter-actuator = { module = "org.springframework.boot:spring-boot-starter-actuator" }
 spring-boot-starter-security = { module = "org.springframework.boot:spring-boot-starter-security" }
@@ -35,5 +30,5 @@ spotless = "com.diffplug.spotless:6.24.0"
 spring-boot = { id = "org.springframework.boot", version.ref = "spring-boot" }
 spring-dependency-management = "io.spring.dependency-management:1.1.4"
 test-logger = "com.adarshr.test-logger:4.0.0"
-version-catalog-update = "nl.littlerobots.version-catalog-update:0.8.1"
+version-catalog-update = "nl.littlerobots.version-catalog-update:0.8.3"
 versions = "com.github.ben-manes.versions:0.50.0"