From e9dd953b4fd098fe325f9be010203b7665e85951 Mon Sep 17 00:00:00 2001
From: SchulzeStTSI <67590336+SchulzeStTSI@users.noreply.github.com>
Date: Thu, 16 Dec 2021 13:31:45 +0100
Subject: [PATCH] Update pom.xml (#68)

* Update pom.xml

* Update pom.xml

* Update pom.xml

* Update pom.xml

* Update pom.xml

* Update pom.xml

Co-authored-by: Simon Laurenz <simon.laurenz@t-systems.com>
---
 owasp/suppressions.xml |  4 +++
 pom.xml                | 59 +++++++++++++++++++++++++-----------------
 2 files changed, 39 insertions(+), 24 deletions(-)

diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
index a900841..9dd8c28 100644
--- a/owasp/suppressions.xml
+++ b/owasp/suppressions.xml
@@ -28,4 +28,8 @@
     <!--  Vulnerability impacts WebFlux apps only and can be ignored here.  -->
     <cve>CVE-2021-22118</cve>
   </suppress>
+  <suppress>
+    <notes>H2 is only used for Unit Testing. Version 2.x includes major breaking changes.</notes>
+    <cve>CVE-2021-23463</cve>
+  </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
index 8936aef..05e669c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,25 +24,26 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <!-- dependencies -->
-    <owasp.version>6.1.1</owasp.version>
-    <spring.boot.version>2.5.6</spring.boot.version>
-    <spring.cloud.version>2020.0.4</spring.cloud.version>
-    <spring.cloud.openfeign.version>3.0.5</spring.cloud.openfeign.version>
-    <spring.test.version>5.3.5</spring.test.version>
-    <spring.security.version>5.5.1</spring.security.version>
-    <lombok.version>1.18.20</lombok.version>
-    <liquibase.version>4.3.3</liquibase.version>
-    <springdoc.version>1.5.12</springdoc.version>
+    <owasp.version>6.5.0</owasp.version>
+    <spring.boot.version>2.6.1</spring.boot.version>
+    <spring.cloud.version>2021.0.0</spring.cloud.version>
+    <spring.cloud.openfeign.version>3.1.0</spring.cloud.openfeign.version>
+    <spring.test.version>5.3.12</spring.test.version>
+    <spring.security.version>5.6.0</spring.security.version>
+    <lombok.version>1.18.22</lombok.version>
+    <liquibase.version>4.6.2</liquibase.version>
+    <springdoc.version>1.6.0</springdoc.version>
     <junit.version>5.8.1</junit.version>
-    <junit.vintage.version>5.8.1</junit.vintage.version>
     <pivotal.cfenv.version>2.3.0</pivotal.cfenv.version>
     <mapstruct.version>1.4.2.Final</mapstruct.version>
-    <mockito.version>4.0.0</mockito.version>
-    <bcpkix.version>1.68</bcpkix.version>
+    <mockito.version>4.1.0</mockito.version>
+    <bcpkix.version>1.70</bcpkix.version>
     <okhttp.version>4.9.2</okhttp.version>
-    <shedlock.version>4.29.0</shedlock.version>
-    <dgc.lib.version>1.1.3</dgc.lib.version>
+    <shedlock.version>4.30.0</shedlock.version>
+    <dgc.lib.version>1.1.7</dgc.lib.version>
     <sap.cloud.sdk.version>3.57.0</sap.cloud.sdk.version>
+    <slf4j.version>1.7.32</slf4j.version>
+    <log4j2.version>2.16.0</log4j2.version>   
     <!-- plugins -->
     <plugin.checkstyle.version>3.1.2</plugin.checkstyle.version>
     <plugin.sonar.version>3.6.1.1688</plugin.sonar.version>
@@ -97,6 +98,21 @@
 
   <dependencyManagement>
     <dependencies>
+       <dependency>
+			  <groupId>org.apache.logging.log4j</groupId>
+			  <artifactId>log4j-to-slf4j</artifactId>
+			  <version>${log4j2.version}</version>
+			 </dependency>
+       <dependency>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-api</artifactId>
+        <version>${log4j2.version}</version>
+       </dependency>
+       <dependency>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-core</artifactId>
+        <version>${log4j2.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-dependencies</artifactId>
@@ -105,11 +121,11 @@
         <scope>import</scope>
       </dependency>
       <dependency>
-        <groupId>org.springframework.cloud</groupId>
-        <artifactId>spring-cloud-openfeign-dependencies</artifactId>
-        <version>${spring.cloud.openfeign.version}</version>
-        <type>pom</type>
-        <scope>import</scope>
+          <groupId>org.springframework.cloud</groupId>
+          <artifactId>spring-cloud-openfeign-dependencies</artifactId>
+          <version>${spring.cloud.openfeign.version}</version>
+          <type>pom</type>
+          <scope>import</scope>
       </dependency>
       <dependency>
         <groupId>org.springframework.cloud</groupId>
@@ -184,11 +200,6 @@
       <version>${junit.version}</version>
       <scope>test</scope>
     </dependency>
-    <dependency>
-      <groupId>org.junit.vintage</groupId>
-      <artifactId>junit-vintage-engine</artifactId>
-      <version>${junit.vintage.version}</version>
-    </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-test</artifactId>