[Snyk] Upgrade org.springframework.boot:spring-boot-starter-json from 3.3.2 to 3.5.9

[tcheeric]

Snyk has created this PR to upgrade org.springframework.boot:spring-boot-starter-json from 3.3.2 to 3.5.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 35 versions ahead of your current version.

• The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Relative Path Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-12008931	329	No Known Exploit
	Incorrect Authorization SNYK-JAVA-ORGSPRINGFRAMEWORK-12817817	329	No Known Exploit
	HTTP Response Splitting SNYK-JAVA-ORGSPRINGFRAMEWORK-10345766	329	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-7687447	329	No Known Exploit
	Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365	329	No Known Exploit
	Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366	329	No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• Snyk has automatically assigned this pull request, set who gets assigned.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 👩‍💻 Set who automatically gets assigned
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

Qodana for JVM

79 new problems were found

Inspection name	Severity	Problems
Vulnerable declared dependency	🔴 Failure	5
Vulnerable declared dependency	🔶 Warning	27
Invalid properties configuration	🔶 Warning	10
Vulnerable declared dependency	◽️ Notice	37

☁️ View the detailed Qodana report

Detected 134 dependencies

Third-party software list

This page lists the third-party software dependencies used in project

Dependency	Version	Licenses
accessors-smart	2.5.0	Apache-2.0
accessors-smart	2.5.1	Apache-2.0
accessors-smart	2.5.2	Apache-2.0
android-json	0.0.20131108.vaadin1	Apache-2.0
angus-activation	2.0.0	BSD-3-Clause
antlr4-runtime	4.13.0	BSD-3-Clause
apiguardian-api	1.1.2	Apache-2.0
asm	9.3	BSD-3-Clause
asm	9.6	BSD-3-Clause
asm	9.7.1	BSD-3-Clause
aspectjweaver	1.9.22.1	Apache-2.0
assertj-core	3.27.3	Apache-2.0
awaitility	4.3.0	Apache-2.0
checker-qual	3.42.0	MIT
classmate	1.5.1	Apache-2.0
commons-configuration2	2.11.0	Apache-2.0
commons-lang3	3.14.0	Apache-2.0
commons-logging	1.3.2	Apache-2.0
commons-text	1.12.0	Apache-2.0
evo-inflector	1.3	Apache-2.0
hamcrest	3.0	BSD-3-Clause
hdrhistogram	2.2.2	BSD-2-Clause
hikaricp	5.1.0	Apache-2.0
istack-commons-runtime	4.1.1	BSD-3-Clause
jackson-annotations	2.17.2	Apache-2.0
jackson-annotations	2.18.1	Apache-2.0
jackson-core	2.17.2	Apache-2.0
jackson-core	2.18.1	Apache-2.0
jackson-core	2.20.0	Apache-2.0
jackson-databind	2.17.2	Apache-2.0
jackson-databind	2.18.1	Apache-2.0
jackson-databind	2.19.4	Apache-2.0
jackson-databind	2.20.0	Apache-2.0
jackson-dataformat-cbor	2.20.0	Apache-2.0
jackson-datatype-jdk8	2.18.1	Apache-2.0
jackson-datatype-jdk8	2.19.4	Apache-2.0
jackson-datatype-jsr310	2.17.2	Apache-2.0
jackson-datatype-jsr310	2.18.1	Apache-2.0
jackson-module-parameter-names	2.18.1	Apache-2.0
jackson-module-parameter-names	2.19.4	Apache-2.0
jakarta.activation-api	2.1.3	BSD-3-Clause
jakarta.annotation-api	2.1.1	Classpath-exception-2.0 EPL-2.0 GPL-2.0-only
jakarta.inject-api	2.0.1	Apache-2.0
jakarta.persistence-api	3.1.0	BSD-3-Clause EPL-2.0
jakarta.servlet-api	6.0.0	EPL-2.0 GPL-1.0-or-later
jakarta.transaction-api	2.0.1	Classpath-exception-2.0 EPL-2.0 GPL-2.0-only
jakarta.validation-api	3.0.2	Apache-2.0
jakarta.xml.bind-api	4.0.0	BSD-3-Clause
jakarta.xml.bind-api	4.0.2	BSD-3-Clause
jandex	3.2.0	Apache-2.0
jaxb-core	4.0.2	BSD-3-Clause
jaxb-runtime	4.0.2	BSD-3-Clause
jboss-logging	3.5.0.final	Apache-2.0
json-path	2.9.0	Apache-2.0
json-smart	2.5.0	Apache-2.0
json-smart	2.5.1	Apache-2.0
json-smart	2.5.2	Apache-2.0
jsonassert	1.5.3	Apache-2.0
jul-to-slf4j	2.0.16	MIT
jul-to-slf4j	2.0.17	MIT
junit-jupiter-params	5.12.2	EPL-2.0
junit-jupiter	5.12.2	EPL-2.0
latencyutils	2.0.3	CC0-1.0
log4j-api	2.24.1	Apache-2.0
log4j-api	2.24.3	Apache-2.0
log4j-to-slf4j	2.24.1	Apache-2.0
log4j-to-slf4j	2.24.3	Apache-2.0
logback-classic	1.5.12	EPL-1.0 LGPL-2.0-or-later
logback-core	1.5.12	EPL-1.0 LGPL-2.0-or-later
lombok	1.18.36	BSD-3-CLAUSE-NO-TRADEMARK MIT
micrometer-commons	1.14.1	Apache-2.0
micrometer-core	1.14.1	Apache-2.0
micrometer-jakarta9	1.14.1	Apache-2.0
micrometer-observation	1.14.1	Apache-2.0
postgresql	42.7.3	BSD-2-Clause
postgresql	42.7.4	BSD-2-Clause
slf4j-api	2.0.13	MIT
slf4j-api	2.0.15	MIT
slf4j-api	2.0.16	MIT
slf4j-api	2.0.17	MIT
snakeyaml	2.3	Apache-2.0
snakeyaml	2.4	Apache-2.0
spring-aop	6.2.0	Apache-2.0
spring-aspects	6.2.0	Apache-2.0
spring-beans	6.2.0	Apache-2.0
spring-beans	6.2.15	Apache-2.0
spring-boot-actuator-autoconfigure	3.4.0	Apache-2.0
spring-boot-actuator	3.4.0	Apache-2.0
spring-boot-autoconfigure	3.4.0	Apache-2.0
spring-boot-autoconfigure	3.5.0	Apache-2.0
spring-boot-autoconfigure	3.5.9	Apache-2.0
spring-boot-starter-actuator	3.4.0	Apache-2.0
spring-boot-starter-data-jpa	3.4.0	Apache-2.0
spring-boot-starter-data-rest	3.4.0	Apache-2.0
spring-boot-starter-jdbc	3.4.0	Apache-2.0
spring-boot-starter-json	3.4.0	Apache-2.0
spring-boot-starter-json	3.5.9	Apache-2.0
spring-boot-starter-logging	3.4.0	Apache-2.0
spring-boot-starter-logging	3.5.0	Apache-2.0
spring-boot-starter-logging	3.5.9	Apache-2.0
spring-boot-starter-test	3.5.0	Apache-2.0
spring-boot-starter-tomcat	3.4.0	Apache-2.0
spring-boot-starter-validation	3.4.0	Apache-2.0
spring-boot-starter-web	3.4.0	Apache-2.0
spring-boot-starter	3.4.0	Apache-2.0
spring-boot-starter	3.5.0	Apache-2.0
spring-boot-starter	3.5.9	Apache-2.0
spring-boot-test-autoconfigure	3.5.0	Apache-2.0
spring-boot-test	3.5.0	Apache-2.0
spring-boot	3.4.0	Apache-2.0
spring-boot	3.5.0	Apache-2.0
spring-boot	3.5.9	Apache-2.0
spring-context	6.2.0	Apache-2.0
spring-core	6.2.0	Apache-2.0
spring-core	6.2.15	Apache-2.0
spring-core	6.2.7	Apache-2.0
spring-data-commons	3.4.0	Apache-2.0
spring-data-jpa	3.4.0	Apache-2.0
spring-data-rest-core	4.4.0	Apache-2.0
spring-data-rest-webmvc	4.4.0	Apache-2.0
spring-expression	6.2.0	Apache-2.0
spring-hateoas	2.4.0	Apache-2.0
spring-jdbc	6.2.0	Apache-2.0
spring-orm	6.2.0	Apache-2.0
spring-plugin-core	3.0.0	Apache-2.0
spring-tx	6.2.0	Apache-2.0
spring-web	6.2.0	Apache-2.0
spring-web	6.2.15	Apache-2.0
spring-webmvc	6.2.0	Apache-2.0
tomcat-embed-core	10.1.33	Apache-2.0 CDDL-1.0 PROPRIETARY-LICENSE
tomcat-embed-el	10.1.33	Apache-2.0
tomcat-embed-websocket	10.1.33	Apache-2.0
txw2	4.0.2	BSD-3-Clause
xmlunit-core	2.10.1	Apache-2.0

Contact Qodana team

Contact us at qodana-support@jetbrains.com

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions