Home Original page

feat(dependencies): update dependencies for security by halibobo1205 · Pull Request #6400 · tronprotocol/java-tron

  1. Bump commons-io from 2.11.0 to 2.18.0 to fix CVE-2024-47554.
  2. Bump jackson-databind from 2.13.4.2 to 2.18.3 to fix CVE-2023-35116, CVE-2025-52999.
  3. Bump java-util from 1.8.0 to 3.2.0 to fix CVE-2023-34610.
  4. Bump libp2p from 2.2.5 to 2.2.6.
  5. Bump jetty from 9.4.53 to 9.4.57 to fix CVE-2024-8184.
  6. Bump spring from 5.3.18 to 5.3.39 to fix CVE-2023-20863, CVE-2024-38820, CVE-2022-22968, CVE-2022-22970.
  7. Remove spring-tx, spring-web, hamcrest-junit, guice, java-sizeof, vavr.