Update dependencies to address some CVE scans (#2123)

Quinn-With-Two-Ns · web-flow · commit 8872e33e631b · 2024-06-25T08:16:21.000-07:00
Update dependencies to address some CVE scans
diff --git a/build.gradle b/build.gradle
@@ -50,13 +50,13 @@ ext {
 
     gsonVersion = '2.10.1' // [2.0,)
 
-    jsonPathVersion = '2.8.0' // compileOnly
+    jsonPathVersion = '2.9.0' // compileOnly
 
     cronUtilsVersion = '9.2.1' // for test server only
 
     // Spring Boot 3 requires Java 17, java-sdk builds against 2.x version because we support Java 8.
     // We do test compatibility with Spring Boot 3 in integration tests.
-    springBootVersion = project.hasProperty("edgeDepsTest") ? '3.0.4' : '2.7.12'// [2.4.0,)
+    springBootVersion = project.hasProperty("edgeDepsTest") ? '3.0.4' : '2.7.18'// [2.4.0,)
 
     // test scoped
     // we don't upgrade to 1.3 and 1.4 because they require slf4j 2.x
diff --git a/temporal-remote-data-encoder/build.gradle b/temporal-remote-data-encoder/build.gradle
@@ -1,7 +1,7 @@
 description = '''Temporal Workflow Java SDK'''
 
 ext {
-    okhttpVersion = '4.10.0'
+    okhttpVersion = '4.11.0'
     servletVersion = '4.0.1'
 }
 
diff --git a/temporal-sdk/build.gradle b/temporal-sdk/build.gradle
@@ -19,7 +19,9 @@ dependencies {
     // It's useful only for unit tests and debugging.
     // For these use-cases Temporal users can add this dep in the classpath temporary or permanently themselves.
     compileOnly "com.jayway.jsonpath:json-path:$jsonPathVersion"
-    testImplementation "com.jayway.jsonpath:json-path:$jsonPathVersion"
+    testImplementation("com.jayway.jsonpath:json-path:$jsonPathVersion"){
+        exclude group: 'org.slf4j', module: 'slf4j-api'
+    }
 
     testImplementation project(':temporal-testing')
     testImplementation "junit:junit:${junitVersion}"
diff --git a/temporal-testing/build.gradle b/temporal-testing/build.gradle
@@ -20,7 +20,9 @@ dependencies {
     // This dependency is included in temporal-sdk module as optional with compileOnly scope.
     // To make things easier for users, it's helpful for the testing module to bring this dependency
     // transitively as most users work with history jsons in tests.
-    implementation "com.jayway.jsonpath:json-path:$jsonPathVersion"
+    implementation("com.jayway.jsonpath:json-path:$jsonPathVersion"){
+        exclude group: 'org.slf4j', module: 'slf4j-api'
+    }
 
     junit4Api 'junit:junit:4.13.2'
 

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`description = '''Temporal Workflow Java SDK'''`
`2`	`2`
`3`	`3`	`ext {`
`4`		`- okhttpVersion = '4.10.0'`
	`4`	`+ okhttpVersion = '4.11.0'`
`5`	`5`	`servletVersion = '4.0.1'`
`6`	`6`	`}`
`7`	`7`