Merge pull request #39 from spt-development/feature/spring-boot-3.4.1-upgrade

Updated dependencies to align with Spring Boot 3.4.1

Author: SimonTaylor

documentation/releases/release-3.4.1.md

@@ -0,0 +1,3 @@
+## Dependencies
+
+* Aligned dependencies with [Spring Boot 3.1.0](https://github.com/spring-projects/spring-boot/releases/tag/v3.4.1)

pom.xml

@@ -40,38 +40,38 @@
         <maven.min.version>3.9.4</maven.min.version>
 
         <!-- Dependency versions -->
-        <spring-boot.version>3.4.0</spring-boot.version>
+        <spring-boot.version>3.4.1</spring-boot.version>
         <spt-cid.version>2.0.15</spt-cid.version>
-        <spt-logging-spring.version>3.2.5</spt-logging-spring.version>
+        <spt-logging-spring.version>3.2.6</spt-logging-spring.version>
 
         <!-- Plugin versions -->
         <build-helper-maven-plugin.version>3.6.0</build-helper-maven-plugin.version>
         <checkstyle-maven-plugin.version>3.6.0</checkstyle-maven-plugin.version>
-        <dependency-check-maven.version>11.1.0</dependency-check-maven.version>
+        <dependency-check-maven.version>11.1.1</dependency-check-maven.version>
         <jacoco-maven-plugin.version>0.8.12</jacoco-maven-plugin.version>
-        <license-maven-plugin.version>2.4.0</license-maven-plugin.version>
+        <license-maven-plugin.version>2.5.0</license-maven-plugin.version>
         <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
         <maven-dependency-plugin.version>3.8.1</maven-dependency-plugin.version>
         <maven-enforcer-plugin.version>3.5.0</maven-enforcer-plugin.version>
         <maven-gpg-plugin.version>3.2.7</maven-gpg-plugin.version>
-        <maven-javadoc-plugin.version>3.11.1</maven-javadoc-plugin.version>
+        <maven-javadoc-plugin.version>3.11.2</maven-javadoc-plugin.version>
         <maven-jxr-plugin.version>3.6.0</maven-jxr-plugin.version>
         <maven-pmd-plugin.version>3.26.0</maven-pmd-plugin.version>
         <maven-release-plugin.version>3.1.1</maven-release-plugin.version>
         <maven-scm-plugin.version>2.1.0</maven-scm-plugin.version>
         <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
         <maven-surefire-plugin.version>3.5.2</maven-surefire-plugin.version>
         <nexus-staging-plugin.version>1.7.0</nexus-staging-plugin.version>
-        <pitest-maven.version>1.17.1</pitest-maven.version>
+        <pitest-maven.version>1.17.3</pitest-maven.version>
         <spotbugs.version>4.8.6.6</spotbugs.version>
         <versions-maven-plugin.version>2.18.0</versions-maven-plugin.version>
 
         <!-- Plugin dependencies -->
-        <checkstyle.version>10.20.1</checkstyle.version>
+        <checkstyle.version>10.21.0</checkstyle.version>
         <findbugs-slf4j-bug-pattern.version>1.5.0</findbugs-slf4j-bug-pattern.version>
         <findbugs-sec-bug-pattern.version>1.13.0</findbugs-sec-bug-pattern.version>
         <pitest-junit5-plugin.version>1.2.1</pitest-junit5-plugin.version>
-        <pmd.version>7.7.0</pmd.version>
+        <pmd.version>7.8.0</pmd.version>
         <slf4j.version>2.0.16</slf4j.version>
     </properties>
 

spt-development-logging-spring-boot-starter/config/owasp/suppress.xml

@@ -3,17 +3,16 @@
     <!-- Not wanting to deviate from a Spring Boot dependency -->
     <suppress>
         <notes><![CDATA[
-   file name: logback-classic-1.4.11.jar
+   file name: logback-core-1.5.12.jar
    ]]></notes>
-        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl>
-        <vulnerabilityName>CVE-2023-6378</vulnerabilityName>
+        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-12798</vulnerabilityName>
     </suppress>
-    <!-- Not wanting to deviate from a Spring Boot dependency -->
     <suppress>
         <notes><![CDATA[
-   file name: logback-core-1.4.11.jar
+   file name: logback-core-1.5.12.jar
    ]]></notes>
         <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>
-        <vulnerabilityName>CVE-2023-6378</vulnerabilityName>
+        <vulnerabilityName>CVE-2024-12801</vulnerabilityName>
     </suppress>
 </suppressions>