From a212d5d4c33fb03b4ac7167d0c86c5eedbf5ace3 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 13:03:10 +0000
Subject: [PATCH] fix: threadfix-sonar-plugin/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8399269
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8399273
---
 threadfix-sonar-plugin/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/threadfix-sonar-plugin/pom.xml b/threadfix-sonar-plugin/pom.xml
index 93c8a20a98..e239ce4ba7 100644
--- a/threadfix-sonar-plugin/pom.xml
+++ b/threadfix-sonar-plugin/pom.xml
@@ -151,7 +151,7 @@
         <!-- This means we must use a compatible version of hibernate -->
         <hibernate.version>3.3.2.GA</hibernate.version>
         <!-- Unfortunately Spring 4 only supports hibernate 3.6+. This is the most recent 3.x release -->
-        <spring.version>3.2.13.RELEASE</spring.version>
+        <spring.version>6.1.14</spring.version>
     </properties>
 
     <modelVersion>4.0.0</modelVersion>