From fe8736cc01e5309eb7c2faff29842c26a58e8328 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 7 Sep 2024 02:48:23 +0000
Subject: [PATCH] fix: upgrade multiple dependencies with Snyk

Snyk has created this PR to upgrade:
  - com.alibaba:fastjson from 1.2.12 to 1.2.83_noneautotype.
    See this package in maven: https://mvnrepository.com/artifact/com.alibaba/fastjson/
  - commons-fileupload:commons-fileupload from 1.3.3 to 1.5.
    See this package in maven: https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/
  - io.github.openfeign.form:feign-form from 3.0.3 to 3.8.0.
    See this package in maven: https://mvnrepository.com/artifact/io.github.openfeign.form/feign-form/
  - io.github.openfeign.form:feign-form-spring from 3.0.3 to 3.8.0.
    See this package in maven: https://mvnrepository.com/artifact/io.github.openfeign.form/feign-form-spring/
  - io.springfox:springfox-swagger-ui from 2.6.1 to 2.10.5.
    See this package in maven: https://mvnrepository.com/artifact/io.springfox/springfox-swagger-ui/
  - io.springfox:springfox-swagger2 from 2.6.1 to 2.10.5.
    See this package in maven: https://mvnrepository.com/artifact/io.springfox/springfox-swagger2/
  - mysql:mysql-connector-java from 5.1.17 to 5.1.49.
    See this package in maven: https://mvnrepository.com/artifact/mysql/mysql-connector-java/
  - org.apache.logging.log4j:log4j-core from 2.10.0 to 2.23.1.
    See this package in maven: https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/
  - org.apache.velocity:velocity from 1.6.4 to 1.7.
    See this package in maven: https://mvnrepository.com/artifact/org.apache.velocity/velocity/
  - org.projectlombok:lombok from 1.18.0 to 1.18.34.
    See this package in maven: https://mvnrepository.com/artifact/org.projectlombok/lombok/
  - org.springframework.boot:spring-boot-devtools from 2.0.6.RELEASE to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-devtools/
  - org.springframework.boot:spring-boot-starter from 2.0.6.RELEASE to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter/
  - org.springframework.boot:spring-boot-starter-actuator from 2.0.6.RELEASE to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-actuator/
  - org.springframework.boot:spring-boot-starter-data-jpa from 2.0.6.RELEASE to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-jpa/
  - org.springframework.boot:spring-boot-starter-data-mongodb from 2.0.6.RELEASE to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-mongodb/
  - org.springframework.boot:spring-boot-starter-data-redis from 2.0.6.RELEASE to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-redis/
  - org.springframework.boot:spring-boot-starter-web from 2.0.6.RELEASE to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web/
  - org.springframework.cloud:spring-cloud-starter-netflix-eureka-client from 2.0.1.RELEASE to 2.2.10.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-netflix-eureka-client/
  - org.springframework.cloud:spring-cloud-starter-netflix-hystrix from 2.0.1.RELEASE to 2.2.10.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-netflix-hystrix/
  - org.springframework.cloud:spring-cloud-starter-openfeign from 2.0.1.RELEASE to 2.2.10.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-openfeign/
  - org.springframework.cloud:spring-cloud-starter-zipkin from 2.0.1.RELEASE to 2.2.8.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-zipkin/

See this project in Snyk:
https://app.snyk.io/org/t438879/project/8251b969-d2c4-48a6-935c-c0914417c8c0?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 mall-backend/backend-parser/pom.xml | 12 ++++++------
 pom.xml                             |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/mall-backend/backend-parser/pom.xml b/mall-backend/backend-parser/pom.xml
index f7cd2bc8..c94c7476 100644
--- a/mall-backend/backend-parser/pom.xml
+++ b/mall-backend/backend-parser/pom.xml
@@ -32,7 +32,7 @@
 		<modelmapper.version>1.1.2</modelmapper.version>
 		<eventbus.version>3.1.1</eventbus.version>
 		<org.json.version>20180130</org.json.version>
-		<velocity.version>1.6.4</velocity.version>
+		<velocity.version>1.7</velocity.version>
 	</properties>
 
 	<dependencies>
@@ -49,7 +49,7 @@
 		<dependency>
 			<groupId>com.alibaba</groupId>
 			<artifactId>fastjson</artifactId>
-			<version>1.2.12</version>
+			<version>1.2.83_noneautotype</version>
 		</dependency>
 		<dependency>
 			<groupId>mysql</groupId>
@@ -67,7 +67,7 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.10.0</version>
+            <version>2.23.1</version>
             <scope>compile</scope>
         </dependency>
 		<dependency>
@@ -79,17 +79,17 @@
 		<dependency>
 			<groupId>io.github.openfeign.form</groupId>
 			<artifactId>feign-form</artifactId>
-			<version>3.0.3</version>
+			<version>3.8.0</version>
 		</dependency>
 		<dependency>
 			<groupId>io.github.openfeign.form</groupId>
 			<artifactId>feign-form-spring</artifactId>
-			<version>3.0.3</version>
+			<version>3.8.0</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-fileupload</groupId>
 			<artifactId>commons-fileupload</artifactId>
-			<version>1.3.3</version>
+			<version>1.5</version>
 		</dependency>
 	</dependencies>
 
diff --git a/pom.xml b/pom.xml
index 9bb25cf9..8f5da3bc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,10 +28,10 @@
         <spring-cloud.version>Finchley.SR1</spring-cloud.version>
         <spring-boot.version>2.0.6.RELEASE</spring-boot.version>
 
-        <lombok.version>1.18.0</lombok.version>
+        <lombok.version>1.18.34</lombok.version>
         <mysql.version>5.1.43</mysql.version>
         <okhttp.version>3.12.0</okhttp.version>
-        <swagger2.version>2.9.2</swagger2.version>
+        <swagger2.version>2.10.5</swagger2.version>
         <druid.version>1.0.28</druid.version>
         <fastjson.version>1.2.31</fastjson.version>
         <org.mapstruct.version>1.1.0.Final</org.mapstruct.version>