[Snyk] Upgrade: com.auth0:java-jwt, com.auth0:auth0, io.jsonwebtoken:jjwt, org.apache.tomcat.embed:tomcat-embed-core, org.hibernate.validator:hibernate-validator, org.hibernate:hibernate-core, org.postgresql:postgresql, org.projectlombok:lombok, org.springframework.boot:spring-boot-starter, org.springframework.boot:spring-boot-starter-actuator, org.springframework.boot:spring-boot-starter-data-jpa, org.springframework.boot:spring-boot-starter-security, org.springframework.boot:spring-boot-starter-thymeleaf, org.springframework.boot:spring-boot-starter-validation, org.springframework.boot:spring-boot-starter-web, org.springframework.hateoas:spring-hateoas

[andkcode]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

com.auth0:java-jwt
from 3.18.1 to 3.19.4 | 7 versions ahead of your current version | 2 years ago
on 2023-01-11
com.auth0:auth0
from 2.1.0 to 2.12.0 | 13 versions ahead of your current version | 4 months ago
on 2024-05-29
io.jsonwebtoken:jjwt
from 0.9.1 to 0.12.6 | 7 versions ahead of your current version | 3 months ago
on 2024-06-21
org.apache.tomcat.embed:tomcat-embed-core
from 9.0.31 to 9.0.93 | 52 versions ahead of your current version | a month ago
on 2024-08-02
org.hibernate.validator:hibernate-validator
from 6.2.0.Final to 6.2.5.Final | 5 versions ahead of your current version | 2 years ago
on 2022-09-12
org.hibernate:hibernate-core
from 6.1.1.Final to 6.6.0.Final | 67 versions ahead of your current version | a month ago
on 2024-08-08
org.postgresql:postgresql
from 42.6.0 to 42.7.4 | 7 versions ahead of your current version | 24 days ago
on 2024-08-22
org.projectlombok:lombok
from 1.18.24 to 1.18.34 | 5 versions ahead of your current version | 3 months ago
on 2024-06-28
org.springframework.boot:spring-boot-starter
from 2.7.6 to 2.7.18 | 12 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-actuator
from 2.7.5 to 2.7.18 | 13 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-data-jpa
from 2.7.5 to 2.7.18 | 13 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-security
from 2.5.4 to 2.7.18 | 46 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-thymeleaf
from 2.7.5 to 2.7.18 | 13 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-validation
from 2.7.5 to 2.7.18 | 13 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-web
from 2.7.5 to 2.7.18 | 13 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.hateoas:spring-hateoas
from 1.5.2 to 1.12.11 | 5 versions ahead of your current version | 3 years ago
on 2021-11-11

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637	564	No Known Exploit
	Insufficient Session Expiration SNYK-JAVA-ORGAPACHETOMCATEMBED-7430175	564	No Known Exploit
	SQL Injection SNYK-JAVA-ORGPOSTGRESQL-6252740	564	No Known Exploit
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHETOMCATEMBED-570072	564	Mature
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-5953331	564	Mature
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264	564	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268	564	Proof of Concept
	Improper Input Validation SNYK-JAVA-ORGAPACHETOMCATEMBED-6092281	564	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-6435948	564	No Known Exploit
	Privilege Escalation SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084	564	No Known Exploit
	Unprotected Transport of Credentials SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687	564	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-584427	564	No Known Exploit
	HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638	564	No Known Exploit
	Access Restriction Bypass SNYK-JAVA-ORGAPACHETOMCATEMBED-5862028	564	No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGAPACHETOMCATEMBED-5959654	564	No Known Exploit
	HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119	564	No Known Exploit
	Information Exposure SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292	564	Proof of Concept
	Information Disclosure SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939	564	No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265	564	No Known Exploit
	Incomplete Cleanup SNYK-JAVA-ORGAPACHETOMCATEMBED-5959972	564	No Known Exploit
	HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266	564	No Known Exploit
	Information Exposure SNYK-JAVA-ORGAPACHETOMCATEMBED-6183062	564	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459	564	No Known Exploit
	Information Exposure SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793	564	No Known Exploit
	HTTP Request Smuggling SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829	564	No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs