From 77710c4661e6b2e459d47c02c6ff6a64f3a34bd8 Mon Sep 17 00:00:00 2001
From: Eduard Schander <66794307+EddeCCC@users.noreply.github.com>
Date: Tue, 19 Sep 2023 09:59:59 +0200
Subject: [PATCH] update dependencies (#47)

* update dependencies

* update okio-jvm

* update boomerang opentelemetry-plugin
---
 build.gradle      | 8 +++++++-
 gradle.properties | 8 ++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/build.gradle b/build.gradle
index 44b6cf6..21ce6ca 100644
--- a/build.gradle
+++ b/build.gradle
@@ -136,7 +136,7 @@ dependencies {
             "io.opentelemetry:opentelemetry-exporter-jaeger-thrift",
             "io.opentelemetry:opentelemetry-sdk",
             "io.opentelemetry:opentelemetry-proto:${openTelemetryProtoVersion}",
-            
+
             "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml",
 
             "com.google.protobuf:protobuf-java:${protobufVersion}",
@@ -149,7 +149,13 @@ dependencies {
             "org.apache.commons:commons-lang3",
             "org.apache.commons:commons-math3:${commonsMath3Version}",
             "commons-io:commons-io:${commonsIoVersion}",
+
+            // If indluxdb-java is updated, check new version of the transitive dependency okio-jvm
+            // If there is a higher new version, remove the dependency override of okio-jvm
             "org.influxdb:influxdb-java:${influxdbJavaVersion}",
+            // Override transitive dependency with newer version, due to security concerns
+            "com.squareup.okio:okio-jvm:${okioJvmVersion}",
+
             "rocks.inspectit:opencensus-influxdb-exporter:${opencensusInfluxdbExporterVersion}",
     )
 
diff --git a/gradle.properties b/gradle.properties
index eed1d8f..6443b78 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,9 +1,9 @@
 # The boomerang version to ship with the EUM server
 boomerangVersion=1.737.0
 # The open-telemetry-boomerang version to ship with the EUM server
-boomerangOpenTelemetryPluginVersion=0.25.0-7
+boomerangOpenTelemetryPluginVersion=0.25.0-8
 # Upgrade to Spring 3.* and Java 17
-springBootVersion=3.1.0
+springBootVersion=3.1.3
 # CVE-2022-1471 was resolved with SnakeYAML 2.0
 snakeYamlVersion=2.0
 # Ensure to adapt the netty version (inspectit-ocelot-core/build.gradle) when changing the OpenCensus version
@@ -20,7 +20,11 @@ geoip2Version=4.0.1
 commonsNetVersion=3.9.0
 commonsMath3Version=3.6.1
 commonsIoVersion=2.11.0
+# If indluxdb-java is updated, check new version of the transitive dependency okio-jvm
+# If there is a higher new version, remove the dependency override of okio-jvm
 influxdbJavaVersion=2.23
+okioJvmVersion=3.5.0
+
 opencensusInfluxdbExporterVersion=1.2
 armeriaVersion=1.23.1
 testContainersVersion=1.18.0