From 87c671e102b89bd28038fc2bf05a77e371adad6c Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 10 Sep 2024 08:10:12 +0000
Subject: [PATCH] fix: upgrade multiple dependencies with Snyk

Snyk has created this PR to upgrade:
  - com.thoughtworks.xstream:xstream from 1.4.4 to 1.4.20.
    See this package in maven: https://mvnrepository.com/artifact/com.thoughtworks.xstream/xstream/
  - log4j:log4j from 1.2.16 to 1.2.17.
    See this package in maven: https://mvnrepository.com/artifact/log4j/log4j/
  - net.sf.saxon:saxon from 8.5.1 to 8.7.
    See this package in maven: https://mvnrepository.com/artifact/net.sf.saxon/saxon/
  - org.codehaus.jackson:jackson-mapper-asl from 1.7.1 to 1.9.13.
    See this package in maven: https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl/
  - org.slf4j:slf4j-api from 1.6.1 to 1.7.36.
    See this package in maven: https://mvnrepository.com/artifact/org.slf4j/slf4j-api/
  - org.hibernate:hibernate-validator from 4.2.0.Final to 4.3.2.Final.
    See this package in maven: https://mvnrepository.com/artifact/org.hibernate/hibernate-validator/
  - org.slf4j:jcl-over-slf4j from 1.6.1 to 1.7.36.
    See this package in maven: https://mvnrepository.com/artifact/org.slf4j/jcl-over-slf4j/
  - org.slf4j:slf4j-log4j12 from 1.6.1 to 1.7.36.
    See this package in maven: https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/
  - org.springframework:spring-beans from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-beans/
  - org.springframework:spring-aop from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-aop/
  - org.springframework:spring-expression from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-expression/
  - org.springframework:spring-context from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-context/
  - org.springframework:spring-oxm from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-oxm/
  - org.springframework:spring-web from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-web/
  - org.springframework:spring-webmvc from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-webmvc/

See this project in Snyk:
https://app.snyk.io/org/eoftedal/project/13c08cb8-bfda-431d-af1d-8fd8974e912b?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 pom.xml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 0509260..02821e3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -8,11 +8,11 @@
 	<name>Vulnerable REST API</name>
 	
 	<properties>
-		<spring.version>4.0.0.RELEASE</spring.version>
+		<spring.version>4.3.30.RELEASE</spring.version>
 		<jetty.version>6.1.26</jetty.version>
-		<slf4j.version>1.6.1</slf4j.version>
+		<slf4j.version>1.7.36</slf4j.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<log4j.version>1.2.16</log4j.version>
+		<log4j.version>1.2.17</log4j.version>
 	</properties>
 	
 	<dependencies>
@@ -69,7 +69,7 @@
 <dependency>
     <groupId>net.sf.saxon</groupId>
     <artifactId>saxon</artifactId>
-    <version>8.5.1</version>
+    <version>8.7</version>
 </dependency>
 
 
@@ -77,21 +77,21 @@
 		<dependency>
 			<groupId>org.hibernate</groupId>
 			<artifactId>hibernate-validator</artifactId>
-			<version>4.2.0.Final</version>
+			<version>4.3.2.Final</version>
 		</dependency>
 
 		<!-- Jackson JSON Mapper -->
 		<dependency>
 			<groupId>org.codehaus.jackson</groupId>
 			<artifactId>jackson-mapper-asl</artifactId>
-			<version>1.7.1</version>
+			<version>1.9.13</version>
 		</dependency>
 
 		<!-- XML Mapper -->
 		<dependency>
 			<groupId>com.thoughtworks.xstream</groupId>
 			<artifactId>xstream</artifactId>
-			<version>1.4.4</version>
+			<version>1.4.20</version>
 			<optional>false</optional>
 		</dependency>