From d5d459ad21e203a00212289d0cbfbb1396cd5733 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 21 Oct 2022 08:55:14 +0000
Subject: [PATCH] Update dependency org.apache.struts:struts2-core to v6

---
 gradle/build.gradle | 2 +-
 maven/pom.xml       | 2 +-
 scala/build.sbt     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/gradle/build.gradle b/gradle/build.gradle
index 2635603..bb37da3 100644
--- a/gradle/build.gradle
+++ b/gradle/build.gradle
@@ -24,7 +24,7 @@ buildscript {
 dependencies {
     implementation 'com.google.guava:guava:31.1-jre'
     implementation "joda-time:joda-time:2.12.0"
-    implementation "org.apache.struts:struts2-core:2.3.8"
+    implementation "org.apache.struts:struts2-core:6.0.3"
     // testImplementation "org.apache.struts:struts2-core:2.3.8"
     testImplementation "junit:junit:4.13.2"
 }
diff --git a/maven/pom.xml b/maven/pom.xml
index d02a669..7d4037a 100644
--- a/maven/pom.xml
+++ b/maven/pom.xml
@@ -25,7 +25,7 @@
             <!-- <version>6.0.0</version> -->
             <!-- <scope>test</scope> -->
             <!-- This breaks CVE scanning, assuming the suppression file doesn't include this version/CVEs ; see ../allow-list.xml -->
-            <version>2.3.8</version>
+            <version>6.0.3</version>
         </dependency>
     </dependencies>
        
diff --git a/scala/build.sbt b/scala/build.sbt
index 851186e..5e86ce0 100644
--- a/scala/build.sbt
+++ b/scala/build.sbt
@@ -5,7 +5,7 @@ lazy val root = (project in file(".")).
       val _ = (g8Test in Test).toTask("").value
     },
     // Introduces a CVE, leading to a potential build fail
-    libraryDependencies += "org.apache.struts" % "struts2-core" % "2.3.8",
+    libraryDependencies += "org.apache.struts" % "struts2-core" % "6.0.3",
     dependencyCheckFailBuildOnCVSS := 5,
     // Add a suppression file, to test false positive suppression
     dependencyCheckSuppressionFiles ++= List(file("../allow-list.xml")),