[Snyk] Upgrade: com.alibaba:fastjson, commons-fileupload:commons-fileupload, io.github.openfeign.form:feign-form, io.github.openfeign.form:feign-form-spring, io.springfox:springfox-swagger-ui, io.springfox:springfox-swagger2, mysql:mysql-connector-java, org.apache.logging.log4j:log4j-core, org.apache.velocity:velocity, org.projectlombok:lombok, org.springframework.boot:spring-boot-devtools, org.springframework.boot:spring-boot-starter, org.springframework.boot:spring-boot-starter-actuator, org.springframework.boot:spring-boot-starter-data-jpa, org.springframework.boot:spring-boot-starter-data-mongodb, org.springframework.boot:spring-boot-starter-data-redis, org.springframework.boot:spring-boot-starter-web, org.springframework.cloud:spring-cloud-starter-netflix-eureka-client, org.springframework.cloud:spring-cloud-starter-netflix-hystrix, org.springframework.cloud:spring-cloud-starter-openfeign, org.springframework.cloud:spring-cloud-starter-zipkin

[tt9133github]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

com.alibaba:fastjson
from 1.2.12 to 1.2.83_noneautotype | 124 versions ahead of your current version | 2 years ago
on 2022-06-13
commons-fileupload:commons-fileupload
from 1.3.3 to 1.5 | 2 versions ahead of your current version | 2 years ago
on 2023-02-01
io.github.openfeign.form:feign-form
from 3.0.3 to 3.8.0 | 8 versions ahead of your current version | 5 years ago
on 2019-03-29
io.github.openfeign.form:feign-form-spring
from 3.0.3 to 3.8.0 | 8 versions ahead of your current version | 5 years ago
on 2019-03-29
io.springfox:springfox-swagger-ui
from 2.6.1 to 2.10.5 | 10 versions ahead of your current version | 4 years ago
on 2020-06-23
io.springfox:springfox-swagger2
from 2.6.1 to 2.10.5 | 10 versions ahead of your current version | 4 years ago
on 2020-06-23
mysql:mysql-connector-java
from 5.1.17 to 5.1.49 | 32 versions ahead of your current version | 4 years ago
on 2020-04-20
org.apache.logging.log4j:log4j-core
from 2.10.0 to 2.23.1 | 28 versions ahead of your current version | 6 months ago
on 2024-03-06
org.apache.velocity:velocity
from 1.6.4 to 1.7 | 2 versions ahead of your current version | 14 years ago
on 2010-11-29
org.projectlombok:lombok
from 1.18.0 to 1.18.34 | 17 versions ahead of your current version | 2 months ago
on 2024-06-28
org.springframework.boot:spring-boot-devtools
from 2.0.6.RELEASE to 2.7.18 | 114 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter
from 2.0.6.RELEASE to 2.7.18 | 114 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-actuator
from 2.0.6.RELEASE to 2.7.18 | 114 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-data-jpa
from 2.0.6.RELEASE to 2.7.18 | 114 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-data-mongodb
from 2.0.6.RELEASE to 2.7.18 | 114 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-data-redis
from 2.0.6.RELEASE to 2.7.18 | 114 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-web
from 2.0.6.RELEASE to 2.7.18 | 114 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.cloud:spring-cloud-starter-netflix-eureka-client
from 2.0.1.RELEASE to 2.2.10.RELEASE | 21 versions ahead of your current version | 3 years ago
on 2021-11-17
org.springframework.cloud:spring-cloud-starter-netflix-hystrix
from 2.0.1.RELEASE to 2.2.10.RELEASE | 21 versions ahead of your current version | 3 years ago
on 2021-11-17
org.springframework.cloud:spring-cloud-starter-openfeign
from 2.0.1.RELEASE to 2.2.10.RELEASE | 20 versions ahead of your current version | 3 years ago
on 2021-10-21
org.springframework.cloud:spring-cloud-starter-zipkin
from 2.0.1.RELEASE to 2.2.8.RELEASE | 20 versions ahead of your current version | 3 years ago
on 2021-04-21

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Deserialization of Untrusted Data SNYK-JAVA-COMALIBABA-2859222	726	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMALIBABA-570967	726	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMMONSFILEUPLOAD-3326457	726	No Known Exploit
	Directory Traversal SNYK-JAVA-COMMONSIO-1277109	726	Mature
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720	726	Mature
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014	726	Mature
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524	726	Proof of Concept
	Arbitrary Code Execution SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339	726	Proof of Concept
	Remote Code Execution SNYK-JAVA-COMALIBABA-73578	726	Mature
	Man-in-the-Middle (MitM) SNYK-JAVA-ORGAPACHELOGGINGLOG4J-567761	726	No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs