levigo · ebidosm · Nov 20, 2023 · Nov 14, 2023 · Nov 17, 2023 · Nov 20, 2023
diff --git a/neverpile-commons-locking/pom.xml b/neverpile-commons-locking/pom.xml
@@ -8,6 +8,10 @@
   </parent>
   <artifactId>neverpile-commons-locking</artifactId>
 
+  <properties>
+    <h2.version>2.2.224</h2.version>
+  </properties>
+
   <dependencies>
     <dependency>
       <groupId>org.springframework.boot</groupId>
@@ -38,6 +42,7 @@
       <groupId>com.h2database</groupId>
       <artifactId>h2</artifactId>
       <scope>test</scope>
+      <version>${h2.version}</version>
     </dependency>
     <dependency>
       <groupId>org.mockito</groupId>

diff --git a/neverpile-commons-swagger-ui/pom.xml b/neverpile-commons-swagger-ui/pom.xml
@@ -51,7 +51,7 @@
     <dependency>
       <groupId>org.webjars</groupId>
       <artifactId>swagger-ui</artifactId>
-      <version>4.1.3</version>
+      <version>4.18.1</version>
     </dependency>
   </dependencies>
 

diff --git a/pom.xml b/pom.xml
@@ -15,6 +15,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <spring-boot.version>3.1.5</spring-boot.version>
+    <snakeyaml.version>2.2</snakeyaml.version>
   </properties>
 
   <modules>
@@ -38,6 +39,12 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+<!--      TODO: delete the following dependencies when spring-boot provide a newer version of them without vulnerabilities -->
+      <dependency>
+        <groupId>org.yaml</groupId>
+        <artifactId>snakeyaml</artifactId>
+        <version>${snakeyaml.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>