Updated version of org.springframework.boot to address CVE-2023-20883.…

… Removed unused dependencies. (#34)
duosecurity · Oct 9, 2024 · 2bd472c · 2bd472c
1 parent 6bfcafc
commit 2bd472c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 18 deletions.
diff --git a/duo-example/pom.xml b/duo-example/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.6.6</version>
+        <version>2.6.15</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -48,17 +48,12 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-autoconfigure</artifactId>
-            <version>2.6.6</version>
+            <version>2.6.15</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-tomcat</artifactId>
-            <version>2.6.6</version>
-        </dependency>
-        <!-- JSTL for JSP -->
-        <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>jstl</artifactId>
+            <version>2.6.15</version>
         </dependency>
         <dependency>
             <groupId>org.apache.tomcat</groupId>

diff --git a/duo-universal-sdk/pom.xml b/duo-universal-sdk/pom.xml
@@ -118,21 +118,11 @@
             <version>1.18.20</version>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-core</artifactId>
-            <version>2.16.0</version>
-        </dependency>
         <dependency>
             <groupId>com.auth0</groupId>
             <artifactId>java-jwt</artifactId>
             <version>4.0.0</version>
         </dependency>
-        <dependency>
-            <groupId>com.squareup.okhttp3</groupId>
-            <artifactId>logging-interceptor</artifactId>
-            <version>4.9.2</version>
-        </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>