From 897b4c079ae732bb1b5d5eafe6eb36adc95b7bc0 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]" <lineaje-autofix@lineaje.com>
Date: Fri, 10 Oct 2025 06:01:55 +0000
Subject: [PATCH 1/6] [lineaje] Update org.springframework:spring-core:5.3.9 to
 5.3.14

Fixes CVEs - CVE-2021-22060,CVE-2021-22096
---
 pom.xml | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/pom.xml b/pom.xml
index 7f8c9c7..3451eba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,17 +1,12 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
-
     <groupId>com.example</groupId>
     <artifactId>my-app</artifactId>
     <version>1.0-SNAPSHOT</version>
-
     <properties>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
     </properties>
-
     <dependencies>
         <dependency>
             <groupId>junit</groupId>
@@ -22,7 +17,7 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
-            <version>5.3.9</version>
+            <version>5.3.14</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
@@ -170,7 +165,6 @@
             <version>3.1</version>
         </dependency>
     </dependencies>
-
     <build>
         <plugins>
             <plugin>
@@ -184,4 +178,4 @@
             </plugin>
         </plugins>
     </build>
-</project>
+</project>
\ No newline at end of file

From 7c83db26273c696b629dff6d08006a290a11ec1d Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]" <lineaje-autofix@lineaje.com>
Date: Fri, 10 Oct 2025 06:03:31 +0000
Subject: [PATCH 2/6] [lineaje] Update org.apache.santuario:xmlsec:2.2.1 to
 2.2.3

Fixes CVEs - CVE-2021-40690,CVE-2023-44483
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pom.xml b/pom.xml
index 3451eba..2e00e81 100644
--- a/pom.xml
+++ b/pom.xml
@@ -164,6 +164,11 @@
             <artifactId>commons-jexl3</artifactId>
             <version>3.1</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.santuario</groupId>
+            <artifactId>xmlsec</artifactId>
+            <version>2.3.4</version>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

From 0a99942e3b53aa5b5cf50045eb03ab9c49aa0192 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]" <lineaje-autofix@lineaje.com>
Date: Fri, 10 Oct 2025 06:05:06 +0000
Subject: [PATCH 3/6] [lineaje] Update xalan:xalan:2.7.2 to 2.7.3

Fixes CVEs - CVE-2022-34169
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pom.xml b/pom.xml
index 2e00e81..3e7614c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -169,6 +169,11 @@
             <artifactId>xmlsec</artifactId>
             <version>2.3.4</version>
         </dependency>
+        <dependency>
+            <groupId>xalan</groupId>
+            <artifactId>xalan</artifactId>
+            <version>2.7.3</version>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

From fe1a10fd6e2ad0646c5534db1546c73c821ec9d4 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]" <lineaje-autofix@lineaje.com>
Date: Fri, 10 Oct 2025 06:06:42 +0000
Subject: [PATCH 4/6] [lineaje] Update org.apache.pdfbox:pdfbox:2.0.22 to
 2.0.24

Fixes CVEs - CVE-2021-27807,CVE-2021-27906,CVE-2021-31811,CVE-2021-31812
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pom.xml b/pom.xml
index 3e7614c..8743786 100644
--- a/pom.xml
+++ b/pom.xml
@@ -174,6 +174,11 @@
             <artifactId>xalan</artifactId>
             <version>2.7.3</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.pdfbox</groupId>
+            <artifactId>pdfbox</artifactId>
+            <version>2.0.24</version>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

From b76d59b876fa370cb45e4e3999ac35fa473537f6 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]" <lineaje-autofix@lineaje.com>
Date: Fri, 10 Oct 2025 06:08:19 +0000
Subject: [PATCH 5/6] [lineaje] Update
 com.fasterxml.jackson.core:jackson-databind:2.12.3 to 2.12.7.1

Fixes CVEs - CVE-2020-36518,CVE-2021-46877,CVE-2022-42003,CVE-2022-42004,GHSA-57J2-W4CX-62H2
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8743786..2bb963b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.12.3</version>
+            <version>2.13.2.1</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>

From edc65027d29bd60be0c2d7ec7da701d18536418d Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]" <lineaje-autofix@lineaje.com>
Date: Fri, 10 Oct 2025 06:09:55 +0000
Subject: [PATCH 6/6] [lineaje] Update
 org.apache.logging.log4j:log4j-core:2.14.1 to 2.12.4

Fixes CVEs - CVE-2021-44228,CVE-2021-44832,CVE-2021-45046,CVE-2021-45105
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2bb963b..7271a2c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.14.1</version>
+            <version>2.17.1</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>