[Snyk] Upgrade org.springframework.boot:spring-boot-starter-jdbc from 3.4.0 to 3.5.9 #96

Closed
tcheeric wants to merge 2 commits into master from snyk-upgrade-6d8ede1db209ac8af85e6f4eb57ba0ee


@tcheeric

Collaborator


Snyk has created this PR to upgrade org.springframework.boot:spring-boot-starter-jdbc from 3.4.0 to 3.5.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 23 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Allocation of Resources Without Limits or Throttling | SNYK-JAVA-ORGAPACHETOMCATEMBED-10365122 | 529 | No Known Exploit |
| high | Integer Overflow or Wraparound | SNYK-JAVA-ORGAPACHETOMCATEMBED-10674391 | 529 | No Known Exploit |
| high | Allocation of Resources Without Limits or Throttling | SNYK-JAVA-ORGAPACHETOMCATEMBED-10676855 | 529 | No Known Exploit |
| high | Improper Resource Shutdown or Release | SNYK-JAVA-ORGAPACHETOMCATEMBED-11799152 | 529 | No Known Exploit |
| high | Relative Path Traversal | SNYK-JAVA-ORGAPACHETOMCATEMBED-13733966 | 529 | Proof of Concept |
| high | Untrusted Search Path | SNYK-JAVA-ORGAPACHETOMCATEMBED-13746602 | 529 | No Known Exploit |
| high | Path Equivalence | SNYK-JAVA-ORGAPACHETOMCATEMBED-9396739 | 529 | Mature |
| high | Improper Cleanup on Thrown Exception | SNYK-JAVA-ORGAPACHETOMCATEMBED-9905132 | 529 | Mature |
| high | Relative Path Traversal | SNYK-JAVA-ORGSPRINGFRAMEWORK-12008931 | 529 | No Known Exploit |
| high | Incorrect Authorization | SNYK-JAVA-ORGSPRINGFRAMEWORK-12817817 | 529 | No Known Exploit |
| medium | Improper Handling of Case Sensitivity | SNYK-JAVA-ORGAPACHETOMCATEMBED-10264469 | 529 | No Known Exploit |
| medium | Authentication Bypass Using an Alternate Path or Channel | SNYK-JAVA-ORGAPACHETOMCATEMBED-10365310 | 529 | No Known Exploit |
| medium | Session Fixation | SNYK-JAVA-ORGAPACHETOMCATEMBED-11798986 | 529 | No Known Exploit |
| medium | Improper Resource Shutdown or Release | SNYK-JAVA-ORGAPACHETOMCATEMBED-13723930 | 529 | No Known Exploit |
| critical | Time-of-check Time-of-use (TOCTOU) Race Condition | SNYK-JAVA-ORGAPACHETOMCATEMBED-8523186 | 529 | Proof of Concept |
| critical | Time-of-check Time-of-use (TOCTOU) Race Condition | SNYK-JAVA-ORGAPACHETOMCATEMBED-8547999 | 529 | No Known Exploit |
| medium | Improper Neutralization | SNYK-JAVA-ORGAPACHETOMCATEMBED-9905136 | 529 | Proof of Concept |
| medium | HTTP Response Splitting | SNYK-JAVA-ORGSPRINGFRAMEWORK-10345766 | 529 | No Known Exploit |
| low | Improper Handling of Case Sensitivity | SNYK-JAVA-ORGSPRINGFRAMEWORK-10176071 | 529 | No Known Exploit |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

….4.0 to 3.5.9

Snyk has created this PR to upgrade org.springframework.boot:spring-boot-starter-jdbc from 3.4.0 to 3.5.9.

See this package in maven:
org.springframework.boot:spring-boot-starter-jdbc

See this project in Snyk:
https://app.snyk.io/org/tcheeric/project/9bc078ce-fad7-4cfa-9814-2243292863b2?utm_source=github&utm_medium=referral&page=upgrade-pr
@tcheeric tcheeric self-assigned this Jan 18, 2026
github-actions Bot commented Jan 18, 2026
Qodana for JVM

60 new problems were found

| Inspection name | Severity | Problems |
|---|---|---|
| Vulnerable declared dependency | 🔴 Failure | 1 |
| Vulnerable declared dependency | 🔶 Warning | 24 |
| Invalid properties configuration | 🔶 Warning | 10 |
| Vulnerable declared dependency | ◽️ Notice | 25 |

☁️ View the detailed Qodana report

Detected 163 dependencies

Third-party software list

This page lists the third-party software dependencies used in project

Dependency Version Licenses
accessors-smart 2.5.0 Apache-2.0
accessors-smart 2.5.1 Apache-2.0
accessors-smart 2.5.2 Apache-2.0
android-json 0.0.20131108.vaadin1 Apache-2.0
angus-activation 2.0.0 BSD-3-Clause
antlr4-runtime 4.13.0 BSD-3-Clause
apiguardian-api 1.1.2 Apache-2.0
asm 9.3 BSD-3-Clause
asm 9.6 BSD-3-Clause
asm 9.7.1 BSD-3-Clause
aspectjweaver 1.9.22.1 Apache-2.0
assertj-core 3.27.3 Apache-2.0
awaitility 4.3.0 Apache-2.0
checker-qual 3.42.0 MIT
classmate 1.5.1 Apache-2.0
commons-configuration2 2.11.0 Apache-2.0
commons-lang3 3.14.0 Apache-2.0
commons-logging 1.3.2 Apache-2.0
commons-text 1.12.0 Apache-2.0
evo-inflector 1.3 Apache-2.0
hamcrest 3.0 BSD-3-Clause
hdrhistogram 2.2.2 BSD-2-Clause
hibernate-validator 8.0.3.final Apache-2.0
hikaricp 6.3.3 Apache-2.0
istack-commons-runtime 4.1.1 BSD-3-Clause
jackson-annotations 2.17.2 Apache-2.0
jackson-annotations 2.18.1 Apache-2.0
jackson-core 2.17.2 Apache-2.0
jackson-core 2.18.1 Apache-2.0
jackson-core 2.20.0 Apache-2.0
jackson-databind 2.17.2 Apache-2.0
jackson-databind 2.18.1 Apache-2.0
jackson-databind 2.19.4 Apache-2.0
jackson-databind 2.20.0 Apache-2.0
jackson-dataformat-cbor 2.20.0 Apache-2.0
jackson-datatype-jdk8 2.17.2 Apache-2.0
jackson-datatype-jdk8 2.18.1 Apache-2.0
jackson-datatype-jdk8 2.19.4 Apache-2.0
jackson-datatype-jsr310 2.17.2 Apache-2.0
jackson-datatype-jsr310 2.18.1 Apache-2.0
jackson-module-parameter-names 2.17.2 Apache-2.0
jackson-module-parameter-names 2.18.1 Apache-2.0
jackson-module-parameter-names 2.19.4 Apache-2.0
jakarta.activation-api 2.1.3 BSD-3-Clause
jakarta.annotation-api 2.1.1 Classpath-exception-2.0, EPL-2.0, GPL-2.0-only
jakarta.inject-api 2.0.1 Apache-2.0
jakarta.persistence-api 3.1.0 BSD-3-Clause, EPL-2.0
jakarta.servlet-api 6.0.0 EPL-2.0, GPL-1.0-or-later
jakarta.transaction-api 2.0.1 Classpath-exception-2.0, EPL-2.0, GPL-2.0-only
jakarta.validation-api 3.0.2 Apache-2.0
jakarta.xml.bind-api 4.0.0 BSD-3-Clause
jakarta.xml.bind-api 4.0.2 BSD-3-Clause
jandex 3.2.0 Apache-2.0
jaxb-core 4.0.2 BSD-3-Clause
jaxb-runtime 4.0.2 BSD-3-Clause
jboss-logging 3.5.0.final Apache-2.0
json-path 2.9.0 Apache-2.0
json-smart 2.5.0 Apache-2.0
json-smart 2.5.1 Apache-2.0
json-smart 2.5.2 Apache-2.0
jsonassert 1.5.3 Apache-2.0
jul-to-slf4j 2.0.13 MIT
jul-to-slf4j 2.0.16 MIT
jul-to-slf4j 2.0.17 MIT
junit-jupiter-params 5.12.2 EPL-2.0
junit-jupiter 5.12.2 EPL-2.0
latencyutils 2.0.3 CC0-1.0
log4j-api 2.23.1 Apache-2.0
log4j-api 2.24.1 Apache-2.0
log4j-api 2.24.3 Apache-2.0
log4j-to-slf4j 2.23.1 Apache-2.0
log4j-to-slf4j 2.24.1 Apache-2.0
log4j-to-slf4j 2.24.3 Apache-2.0
logback-classic 1.5.12 EPL-1.0, LGPL-2.0-or-later
logback-core 1.5.12 EPL-1.0, LGPL-2.0-or-later
lombok 1.18.36 BSD-3-CLAUSE-NO-TRADEMARK, MIT
micrometer-commons 1.14.1 Apache-2.0
micrometer-core 1.14.1 Apache-2.0
micrometer-jakarta9 1.14.1 Apache-2.0
micrometer-observation 1.14.1 Apache-2.0
postgresql 42.7.3 BSD-2-Clause
postgresql 42.7.4 BSD-2-Clause
slf4j-api 2.0.13 MIT
slf4j-api 2.0.15 MIT
slf4j-api 2.0.16 MIT
slf4j-api 2.0.17 MIT
snakeyaml 2.2 Apache-2.0
snakeyaml 2.3 Apache-2.0
snakeyaml 2.4 Apache-2.0
spring-aop 6.2.0 Apache-2.0
spring-aop 6.2.15 Apache-2.0
spring-aspects 6.2.15 Apache-2.0
spring-beans 6.1.11 Apache-2.0
spring-beans 6.2.0 Apache-2.0
spring-beans 6.2.15 Apache-2.0
spring-boot-actuator-autoconfigure 3.4.0 Apache-2.0
spring-boot-actuator 3.4.0 Apache-2.0
spring-boot-autoconfigure 3.3.2 Apache-2.0
spring-boot-autoconfigure 3.4.0 Apache-2.0
spring-boot-autoconfigure 3.5.0 Apache-2.0
spring-boot-autoconfigure 3.5.9 Apache-2.0
spring-boot-starter-actuator 3.4.0 Apache-2.0
spring-boot-starter-data-jpa 3.5.9 Apache-2.0
spring-boot-starter-data-rest 3.4.0 Apache-2.0
spring-boot-starter-data-rest 3.5.9 Apache-2.0
spring-boot-starter-jdbc 3.5.9 Apache-2.0
spring-boot-starter-json 3.3.2 Apache-2.0
spring-boot-starter-json 3.4.0 Apache-2.0
spring-boot-starter-json 3.5.9 Apache-2.0
spring-boot-starter-logging 3.3.2 Apache-2.0
spring-boot-starter-logging 3.4.0 Apache-2.0
spring-boot-starter-logging 3.5.0 Apache-2.0
spring-boot-starter-logging 3.5.9 Apache-2.0
spring-boot-starter-test 3.5.0 Apache-2.0
spring-boot-starter-tomcat 3.4.0 Apache-2.0
spring-boot-starter-tomcat 3.5.9 Apache-2.0
spring-boot-starter-validation 3.5.9 Apache-2.0
spring-boot-starter-web 3.4.0 Apache-2.0
spring-boot-starter-web 3.5.9 Apache-2.0
spring-boot-starter 3.3.2 Apache-2.0
spring-boot-starter 3.4.0 Apache-2.0
spring-boot-starter 3.5.0 Apache-2.0
spring-boot-starter 3.5.9 Apache-2.0
spring-boot-test-autoconfigure 3.5.0 Apache-2.0
spring-boot-test 3.5.0 Apache-2.0
spring-boot 3.3.2 Apache-2.0
spring-boot 3.4.0 Apache-2.0
spring-boot 3.5.0 Apache-2.0
spring-boot 3.5.9 Apache-2.0
spring-context 6.2.0 Apache-2.0
spring-context 6.2.15 Apache-2.0
spring-core 6.1.11 Apache-2.0
spring-core 6.2.0 Apache-2.0
spring-core 6.2.15 Apache-2.0
spring-core 6.2.7 Apache-2.0
spring-data-commons 3.4.0 Apache-2.0
spring-data-commons 3.5.7 Apache-2.0
spring-data-jpa 3.5.7 Apache-2.0
spring-data-rest-core 4.4.0 Apache-2.0
spring-data-rest-core 4.5.7 Apache-2.0
spring-data-rest-webmvc 4.4.0 Apache-2.0
spring-data-rest-webmvc 4.5.7 Apache-2.0
spring-expression 6.2.15 Apache-2.0
spring-hateoas 2.4.0 Apache-2.0
spring-hateoas 2.5.1 Apache-2.0
spring-jdbc 6.2.15 Apache-2.0
spring-orm 6.2.15 Apache-2.0
spring-plugin-core 3.0.0 Apache-2.0
spring-tx 6.2.0 Apache-2.0
spring-tx 6.2.15 Apache-2.0
spring-web 6.1.11 Apache-2.0
spring-web 6.2.0 Apache-2.0
spring-web 6.2.15 Apache-2.0
spring-webmvc 6.2.0 Apache-2.0
spring-webmvc 6.2.15 Apache-2.0
tomcat-embed-core 10.1.33 Apache-2.0, CDDL-1.0, PROPRIETARY-LICENSE
tomcat-embed-core 10.1.50 Apache-2.0, CDDL-1.0, PROPRIETARY-LICENSE
tomcat-embed-el 10.1.33 Apache-2.0
tomcat-embed-el 10.1.50 Apache-2.0
tomcat-embed-websocket 10.1.33 Apache-2.0
tomcat-embed-websocket 10.1.50 Apache-2.0
txw2 4.0.2 BSD-3-Clause
xmlunit-core 2.10.1 Apache-2.0
Contact Qodana team

Contact us at qodana-support@jetbrains.com

…4.0 to 3.5.9

Snyk has created this PR to upgrade org.springframework.boot:spring-boot-starter-web from 3.4.0 to 3.5.9.

See this package in maven:
org.springframework.boot:spring-boot-starter-web

See this project in Snyk:
https://app.snyk.io/org/tcheeric/project/0fd88aa8-5c50-437a-ada1-e0cadb415fbd?utm_source=github&utm_medium=referral&page=upgrade-pr
@tcheeric tcheeric closed this Feb 20, 2026
@tcheeric tcheeric deleted the snyk-upgrade-6d8ede1db209ac8af85e6f4eb57ba0ee branch February 20, 2026 18:23