From 7af2f389b4a856ec0144eb693268134418c35e07 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 29 Jan 2026 01:27:40 +0000
Subject: [PATCH] fix: pom.xml & spring-jpa/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGASSERTJ-15102413
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-15062482
---
 pom.xml            | 2 +-
 spring-jpa/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index b9186f93042d..e593b38bbd89 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
         <mockito.version>2.8.9</mockito.version>
         <!-- logging -->
         <org.slf4j.version>1.7.21</org.slf4j.version>
-        <logback.version>1.1.7</logback.version>
+        <logback.version>1.5.25</logback.version>
         <!-- plugins -->
         <maven-surefire-plugin.version>2.19.1</maven-surefire-plugin.version>
         <maven-compiler-plugin.version>3.6.0</maven-compiler-plugin.version>
diff --git a/spring-jpa/pom.xml b/spring-jpa/pom.xml
index 960dcbc588a5..af4141ca4cca 100644
--- a/spring-jpa/pom.xml
+++ b/spring-jpa/pom.xml
@@ -185,7 +185,7 @@
 		<!-- util -->
 		<guava.version>21.0</guava.version>
 		<commons-lang3.version>3.5</commons-lang3.version>
-		<assertj.version>3.8.0</assertj.version>
+		<assertj.version>3.27.7</assertj.version>
 
 		<httpcore.version>4.4.5</httpcore.version>
 		<httpclient.version>4.5.2</httpclient.version>