This is an automated email from the ASF dual-hosted git repository.

tzimanyi pushed a commit to branch main
in repository 
https://gitbox.apache.org/repos/asf/incubator-kie-kogito-runtimes.git


The following commit(s) were added to refs/heads/main by this push:
     new 22d10a71d3 [NO-ISSUE] Update tomcat-embed-core, angus-mail and other 
deps.  (#4100)
22d10a71d3 is described below

commit 22d10a71d3baaeb7989064c0dcb9c3882a4db8b5
Author: Tibor Zimányi <[email protected]>
AuthorDate: Thu Oct 23 08:47:22 2025 +0200

    [NO-ISSUE] Update tomcat-embed-core, angus-mail and other deps.  (#4100)
---
 kogito-build/kogito-dependencies-bom/pom.xml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/kogito-build/kogito-dependencies-bom/pom.xml 
b/kogito-build/kogito-dependencies-bom/pom.xml
index 2ee2214b4e..ba0d75223d 100644
--- a/kogito-build/kogito-dependencies-bom/pom.xml
+++ b/kogito-build/kogito-dependencies-bom/pom.xml
@@ -34,6 +34,11 @@
   <description>Third-party dependencies used by Kogito</description>
 
   <properties>
+    <!-- These versions are overrides for transitive dependencies, to fix 
security vulnerabilities.
+       They need to be checked with Quarkus and Spring Boot upgrades and 
eventually removed, if they are not needed anymore. -->
+    <version.angus.mail>2.0.5</version.angus.mail>
+    <!-- End of various transitive overrides. -->
+
     <!-- this version property is used in plugins but also in dependencies too 
-->
     <version.io.quarkus>3.20.3</version.io.quarkus>
     
<version.io.quarkus.quarkus-test>${version.io.quarkus}</version.io.quarkus.quarkus-test>
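Review bot: The comment added above `version.angus.mail` says the pin fixes security vulnerabilities but names neither the advisory nor the dependency that pulls angus-mail in. Without that, a later Quarkus or Spring Boot upgrade gives a maintainer no way to decide whether the override can be removed. I would add a per-entry line such as `<!-- angus-mail 2.0.5: fixes <ADVISORY-ID>; pulled in via <PARENT-ARTIFACT>; drop once the platform BOM manages 2.0.5 or later -->`, with the placeholders filled in from the scanner report. The same wording is repeated above the `angus-mail` entry in `dependencyManagement` in the second hunk, so keeping the detail in one place and pointing to it from the other would stop the two from drifting apart.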
@@ -163,12 +168,21 @@
     <version.com.google.guava>33.0.0-jre</version.com.google.guava>
     
<version.apache.commons.commons-compress>1.27.1</version.apache.commons.commons-compress>
 
-    <version.tomcat.embed.core>10.1.46</version.tomcat.embed.core>
+    <version.tomcat.embed.core>10.1.48</version.tomcat.embed.core>
   </properties>
 
   <dependencyManagement>
     <dependencies>
 
+      <!-- These versions are overrides for transitive dependencies, to fix 
security vulnerabilities.
+     They need to be checked with Quarkus and Spring Boot upgrades and 
eventually removed, if they are not needed anymore. -->
+      <dependency>
+        <groupId>org.eclipse.angus</groupId>
+        <artifactId>angus-mail</artifactId>
+        <version>${version.angus.mail}</version>
+      </dependency>
+      <!-- End of various transitive overrides. -->
+
       <!-- Not directly used, but used to override transitive versions of 
Spring dependencies dependencies to fix vulnerabilities -->
       <dependency>
         <groupId>org.springframework</groupId>
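Review bot: Nothing in this change shows that the managed `angus-mail` version and the `tomcat-embed-core` bump actually win in the built artifacts. Maven resolves imported BOMs in declaration order, so a module that imports the Quarkus or Spring Boot BOM ahead of this one may still resolve the older version; whether any module does is not visible from this hunk. Running `mvn dependency:tree -Dincludes=org.eclipse.angus:angus-mail` (and likewise for `org.apache.tomcat.embed:tomcat-embed-core`) on one Quarkus and one Spring Boot module would confirm it. `version.tomcat.embed.core` also looks like the same kind of override but stays outside the marked block in `<properties>`; moving it there, or noting why it is separate, would keep the list of security pins complete.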

