Update dependency versions to align with the spring boot 4.0.x upgrade

nrknithin · nrknithin · commit ffe45fa301ea · 2026-04-28T07:23:36.000+05:30
diff --git a/build-parent/pom.xml b/build-parent/pom.xml
@@ -51,28 +51,29 @@
       - A version property must be specified in the format "version.{groupId}", optionally with a suffix to make it unique.
       - Version properties must be sorted alphabetically (other form of sorting were found to be unclear and ambiguous).
     -->
-    <version.ch.qos.logback>1.5.25</version.ch.qos.logback>
+    <version.ch.qos.logback>1.5.32</version.ch.qos.logback>
     <version.commons-codec>1.19.0</version.commons-codec>
     <version.commons-collections>3.2.2</version.commons-collections>
     <version.commons-logging>1.1.1</version.commons-logging>
     <version.commons-io>2.20.0</version.commons-io>
     <version.common-text>1.14.0</version.common-text>
-    <version.com.fasterxml.jackson>2.21.1</version.com.fasterxml.jackson>
-    <version.com.fasterxml.jackson.databind>2.21.1</version.com.fasterxml.jackson.databind>
+    <version.com.fasterxml.jackson>2.21.2</version.com.fasterxml.jackson>
+    <version.com.fasterxml.jackson.databind>2.21.2</version.com.fasterxml.jackson.databind>
     <version.com.fasterxml.jackson.annotations>2.21</version.com.fasterxml.jackson.annotations>
     <version.com.github.victools>4.37.0</version.com.github.victools> <!-- victools should align with Jackson if possible -->
     <version.com.miglayout>3.7.4</version.com.miglayout>
     <version.domino-slf4j-logger>1.0.1</version.domino-slf4j-logger>
     <version.com.google.protobuf>3.25.5</version.com.google.protobuf>
-    <version.com.h2database>2.3.232</version.com.h2database>
+    <version.com.h2database>2.4.240</version.com.h2database>
     <version.com.networknt.json-schema-validator>1.0.86</version.com.networknt.json-schema-validator>
     <version.com.sun.xml.bind>4.0.5</version.com.sun.xml.bind>
     <version.com.thoughtworks.xstream>1.4.21</version.com.thoughtworks.xstream>
     <version.guru.nidi>0.18.0</version.guru.nidi>
     <version.info.picocli>4.7.7</version.info.picocli>
-    <version.io.micrometer>1.14.12</version.io.micrometer>
+    <version.io.micrometer>1.16.4</version.io.micrometer>
     <version.io.quarkus>3.27.3</version.io.quarkus>
     <version.io.netty>4.1.132.Final</version.io.netty>
+    <version.at.yawk.lz4.java>1.10.1</version.at.yawk.lz4.java>
     <version.io.smallrye.openapi.core>4.0.12</version.io.smallrye.openapi.core>
     <version.io.smallrye.config.core>3.13.4</version.io.smallrye.config.core>
     <version.org.apache.kafka>4.1.2</version.org.apache.kafka>
@@ -84,7 +85,7 @@
     <version.org.antlr>3.5.2</version.org.antlr>
     <version.org.antlr.ST4>4.0.7</version.org.antlr.ST4>
     <version.org.apache.ant>1.10.11</version.org.apache.ant>
-    <version.org.apache.commons.lang3>3.18.0</version.org.apache.commons.lang3>
+    <version.org.apache.commons.lang3>3.19.0</version.org.apache.commons.lang3>
     <version.org.apache.commons.math3>3.6.1</version.org.apache.commons.math3>
     <version.org.apache.httpcomponents.httpcore>4.4.16</version.org.apache.httpcomponents.httpcore>
     <version.org.apache.maven>3.9.11</version.org.apache.maven>
@@ -98,9 +99,9 @@
     <version.org.freemarker>2.3.34</version.org.freemarker>
     <version.org.glassfish.jaxb>4.0.6</version.org.glassfish.jaxb>
     <!--This needs to be in sync with JUnit-->
-    <version.org.hamcrest>2.2</version.org.hamcrest>
+    <version.org.hamcrest>3.0</version.org.hamcrest>
     <version.org.hsqldb>2.7.1</version.org.hsqldb>
-    <version.org.infinispan>15.0.21.Final</version.org.infinispan>
+    <version.org.infinispan>15.2.6.Final</version.org.infinispan>
     <version.org.infinispan.protostream>5.0.13.Final</version.org.infinispan.protostream>
     <version.org.javassist>3.26.0-GA</version.org.javassist>
     <version.org.jboss.narayana.tomcat>7.2.2.Final</version.org.jboss.narayana.tomcat>
@@ -121,8 +122,8 @@
     <version.jakarta.json-api>2.1.3</version.jakarta.json-api>
     <version.org.apache.openjpa>4.0.0</version.org.apache.openjpa>
     <version.org.jpmml.model>1.6.4</version.org.jpmml.model> <!-- jpmml-model BSD 3C license - ATTENTION 1.5.1 intentional, because 1.5.1 evaluators works with 1.5.1 -->
-    <version.org.junit.jupiter>5.13.4</version.org.junit.jupiter>
-    <version.org.junit.platform>1.13.4</version.org.junit.platform> <!-- Keep synchronized with junit-jupiter (middle and minor should be the same) -->
+    <version.org.junit.jupiter>6.0.3</version.org.junit.jupiter>
+    <version.org.junit.platform>6.0.3</version.org.junit.platform> <!-- JUnit 6 unified versioning: platform shares the jupiter version, managed by junit-bom 6.0.3 -->
     <version.org.mvel>2.5.2.Final</version.org.mvel>
     <version.org.powermock>2.0.9</version.org.powermock>
     <version.org.slf4j>2.0.17</version.org.slf4j>
@@ -188,7 +189,7 @@
 
     <version.net.byte-buddy>1.17.6</version.net.byte-buddy>
 
-    <version.org.postgresql>42.7.8</version.org.postgresql>
+    <version.org.postgresql>42.7.10</version.org.postgresql>
 
     <version.ch.obermuhlner>2.0.1</version.ch.obermuhlner>
     <version.io.smallrye.jandex>3.4.0</version.io.smallrye.jandex>
@@ -1342,6 +1343,13 @@
           </exclusion>
         </exclusions>
       </dependency>
+
+      <!-- CVE fix: use at.yawk.lz4:lz4-java instead of org.lz4:lz4-java -->
+      <dependency>
+        <groupId>at.yawk.lz4</groupId>
+        <artifactId>lz4-java</artifactId>
+        <version>${version.at.yawk.lz4.java}</version>
+      </dependency>
     </dependencies>
 
   </dependencyManagement>
