[Snyk] Upgrade: com.alibaba:fastjson, javax.mail:mail, javax.xml.bind:jaxb-api, junit:junit, mysql:mysql-connector-java, org.apache.httpcomponents:httpclient, org.freemarker:freemarker, org.apache.struts:struts2-core, org.junit.jupiter:junit-jupiter-api, org.springframework.boot:spring-boot-devtools, org.springframework.boot:spring-boot-starter-amqp, org.springframework.boot:spring-boot-starter-data-jpa, org.springframework.boot:spring-boot-starter-data-mongodb, org.springframework.boot:spring-boot-starter-web, org.springframework.boot:spring-boot-test

[tt9133github]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

com.alibaba:fastjson
from 1.2.25 to 1.2.83_noneautotype | 105 versions ahead of your current version | 2 years ago
on 2022-06-13
javax.mail:mail
from 1.4 to 1.4.7 | 11 versions ahead of your current version | 11 years ago
on 2013-03-09
javax.xml.bind:jaxb-api
from 2.3.0 to 2.3.1 | 1 version ahead of your current version | 6 years ago
on 2018-09-12
junit:junit
from 4.12 to 4.13.2 | 8 versions ahead of your current version | 4 years ago
on 2021-02-13
mysql:mysql-connector-java
from 8.0.16 to 8.0.33 | 17 versions ahead of your current version | a year ago
on 2023-03-07
org.apache.httpcomponents:httpclient
from 4.5.3 to 4.5.14 | 11 versions ahead of your current version | 2 years ago
on 2022-11-30
org.freemarker:freemarker
from 2.3.23 to 2.3.33 | 10 versions ahead of your current version | 4 months ago
on 2024-05-08
org.apache.struts:struts2-core
from 2.3.37 to 2.5.33 | 31 versions ahead of your current version | 9 months ago
on 2023-12-05
org.junit.jupiter:junit-jupiter-api
from 5.1.1 to 5.11.0 | 53 versions ahead of your current version | 24 days ago
on 2024-08-14
org.springframework.boot:spring-boot-devtools
from 2.0.4.RELEASE to 2.7.18 | 116 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-amqp
from 2.0.4.RELEASE to 2.7.18 | 116 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-data-jpa
from 2.0.4.RELEASE to 2.7.18 | 116 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-data-mongodb
from 2.0.4.RELEASE to 2.7.18 | 116 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-web
from 2.0.4.RELEASE to 2.7.18 | 116 versions ahead of your current version | 9 months ago
on 2023-11-23
org.springframework.boot:spring-boot-test
from 2.0.4.RELEASE to 2.7.18 | 116 versions ahead of your current version | 9 months ago
on 2023-11-23

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058	479	No Known Exploit
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-1049003	479	Mature
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-2635340	479	Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-2331703	479	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3167772	479	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMALIBABA-2859222	479	Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMALIBABA-570967	479	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-608098	479	Proof of Concept
	Unrestricted Upload of File with Dangerous Type SNYK-JAVA-ORGAPACHESTRUTS-609765	479	No Known Exploit
	Server-side Template Injection (SSTI) SNYK-JAVA-ORGFREEMARKER-1076795	479	Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3040284	479	No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-MYSQL-1766958	479	Proof of Concept
	Improper Authorization SNYK-JAVA-MYSQL-2386864	479	No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGAPACHESTRUTS-5707101	479	No Known Exploit
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-608097	479	Mature
	Denial of Service SNYK-JAVA-ORGAPACHESTRUTS-6100744	479	No Known Exploit
	Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-6102825	479	Mature

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs