Merge pull request #56 from conjurdemos/update-spring-boot-2.7.5

Update Spring Boot to v2.7.5

CHANGELOG.md

@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 ### Security
+- Updated Spring boot to 2.7.5 to pull in fixes for jackson-databind for
+   CVE-2022-42003 and CVE-2022-42004
+   [conjurdemos/pet-store-demo#56](https://github.com/conjurdemos/pet-store-demo/pull/56)
 - Updated all dependency versions in pom.xml and added maven-enforcer-plugin
   [conjurdemos/pet-store-demo#54](https://github.com/conjurdemos/pet-store-demo/pull/54)
 - Upgraded Postgres to 42.4.1 to resolve CVE-2022-31197

pom.xml

@@ -7,18 +7,17 @@
   <artifactId>petstore</artifactId>
   <version>0.1.0</version>
 
-  <!-- TODO: When updating Spring Boot to 2.7.4 or higher, remove the entry for CVE-2022-25857 from .trivyignore -->
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>2.7.3</version>
+    <version>2.7.5</version>
   </parent>
 
   <dependencies>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-web</artifactId>
-      <version>2.7.3</version>
+      <version>2.7.5</version>
     </dependency>
     <dependency>
       <groupId>org.postgresql</groupId>
@@ -42,7 +41,7 @@
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-data-jpa</artifactId>
-      <version>2.7.3</version>
+      <version>2.7.5</version>
     </dependency>
     <dependency>
       <groupId>javax.xml.bind</groupId>
@@ -52,7 +51,7 @@
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-validation</artifactId>
-      <version>2.7.3</version>
+      <version>2.7.5</version>
     </dependency>
  </dependencies>