From 9a54e08a1b37087879d0c1ac07c0b5ac69cf02d1 Mon Sep 17 00:00:00 2001
From: Shailesh Mishra <mshaileshr@gmail.com>
Date: Fri, 15 Sep 2023 21:56:25 +0530
Subject: [PATCH 1/6] * Updated all dependencies to the latest one. * Few of
 them contains transitive vulnerability. that we are keeping track

---
 pom.xml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3546ec2..0e21327 100644
--- a/pom.xml
+++ b/pom.xml
@@ -15,36 +15,42 @@
 	</parent>
 
 	<properties>
-	  <java.version>1.8</java.version>
+		<java.version>1.8</java.version>
+		<spring-boot.version>3.1.3</spring-boot.version>
+		<json-smart.version>5.2.2</json-smart.version>
+		<contentstack.version>1.12.2</contentstack.version>
 	</properties>
 
 	<dependencies>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
+			<version>${spring-boot.version}</version>
 		</dependency>
  		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-freemarker</artifactId>
+			<version>${spring-boot.version}</version>
 		</dependency>
 		<dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
+			<version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
+			<version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>com.contentstack.sdk</groupId>
             <artifactId>java</artifactId>
-            <version>1.5.3</version>
+            <version>1.12.2</version>
         </dependency>
-
 		<dependency>
 			<groupId>io.github.cdimascio</groupId>
 			<artifactId>java-dotenv</artifactId>
-			<version>5.2.2</version>
+			<version>${json-smart.version}</version>
 		</dependency>
 
 	</dependencies>

From 0326878af069371f25dc81100979002934d11aff Mon Sep 17 00:00:00 2001
From: Shailesh Mishra <mshaileshr@gmail.com>
Date: Fri, 15 Sep 2023 21:56:44 +0530
Subject: [PATCH 2/6] * Updated all dependencies to the latest one. * Few of
 them contains transitive vulnerability. that we are keeping track

---
 .github/workflows/sast-scan.yml    | 11 -----------
 .github/workflows/sca-scan.yml     | 15 ---------------
 .github/workflows/secrets-scan.yml | 11 -----------
 3 files changed, 37 deletions(-)
 delete mode 100644 .github/workflows/sast-scan.yml
 delete mode 100644 .github/workflows/sca-scan.yml
 delete mode 100644 .github/workflows/secrets-scan.yml

diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml
deleted file mode 100644
index f931630..0000000
--- a/.github/workflows/sast-scan.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: SAST Scan
-on:
-  pull_request:
-    types: [opened, synchronize, reopened]
-jobs:
-  security:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Horusec Scan
-        run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd)
\ No newline at end of file
diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml
deleted file mode 100644
index bf9c1eb..0000000
--- a/.github/workflows/sca-scan.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: Source Composition Analysis Scan
-on:
-  pull_request:
-    types: [opened, synchronize, reopened]
-jobs:
-  security:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@master
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/node@master
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --all-projects --fail-on=all
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
deleted file mode 100644
index 1e8f176..0000000
--- a/.github/workflows/secrets-scan.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: Secrets Scan
-on:
-  pull_request:
-    types: [opened, synchronize, reopened]
-jobs:
-  security:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Gittyleaks
-        uses: gupy-io/gittyleaks-action@v0.1
\ No newline at end of file

From 313870aaf48c95b2551e5bd6ace521bfe50b88c4 Mon Sep 17 00:00:00 2001
From: Shailesh Mishra <mshaileshr@gmail.com>
Date: Fri, 15 Sep 2023 22:34:13 +0530
Subject: [PATCH 3/6] * Updated all dependencies to the latest one. * Few of
 them contains transitive vulnerability. that we are keeping track

---
 .github/workflows/codeql-analysis.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 5a9af74..c82f108 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -51,8 +51,8 @@ jobs:
         
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+#    - name: Autobuild
+#      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

From 1903328ed9cace2decb93c8fc890888dca8446ab Mon Sep 17 00:00:00 2001
From: Shailesh Mishra <mshaileshr@gmail.com>
Date: Mon, 18 Sep 2023 20:20:25 +0530
Subject: [PATCH 4/6] * Updated all dependencies to the latest one. * Few of
 them contains transitive vulnerability. that we are keeping track

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0e21327..3682a3c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.2.2.RELEASE</version>
+		<version>3.1.3</version>
 	</parent>
 
 	<properties>

From b33b4220d82bc879234a56722346ec67b1aff087 Mon Sep 17 00:00:00 2001
From: Shailesh Mishra <mshaileshr@gmail.com>
Date: Mon, 25 Sep 2023 16:14:17 +0530
Subject: [PATCH 5/6] * Updated all dependencies to the latest one. * Few of
 them contains transitive vulnerability. that we are keeping track

---
 .github/workflows/sca-scan.yml | 15 +++++++
 news-webapp.iml                | 63 --------------------------
 pom.xml                        | 81 +++++++++++++++++-----------------
 3 files changed, 56 insertions(+), 103 deletions(-)
 create mode 100644 .github/workflows/sca-scan.yml
 delete mode 100644 news-webapp.iml

diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml
new file mode 100644
index 0000000..2de2395
--- /dev/null
+++ b/.github/workflows/sca-scan.yml
@@ -0,0 +1,15 @@
+name: Source Composition Analysis Scan
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/maven@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --fail-on=all
diff --git a/news-webapp.iml b/news-webapp.iml
deleted file mode 100644
index a2a2d47..0000000
--- a/news-webapp.iml
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
-  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
-    <output url="file://$MODULE_DIR$/target/classes" />
-    <output-test url="file://$MODULE_DIR$/target/test-classes" />
-    <content url="file://$MODULE_DIR$">
-      <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
-      <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
-      <excludeFolder url="file://$MODULE_DIR$/target" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.10.1" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.10.1" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.10.1" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.1" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.1" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.10.1" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.29" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.29" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.29" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-validation:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: jakarta.validation:jakarta.validation-api:2.0.1" level="project" />
-    <orderEntry type="library" name="Maven: org.hibernate.validator:hibernate-validator:6.0.18.Final" level="project" />
-    <orderEntry type="library" name="Maven: org.jboss.logging:jboss-logging:3.4.1.Final" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml:classmate:1.5.1" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-web:5.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-beans:5.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-webmvc:5.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-aop:5.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-context:5.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-expression:5.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-freemarker:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.freemarker:freemarker:2.3.29" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-context-support:5.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-thymeleaf:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.thymeleaf:thymeleaf-spring5:3.0.11.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.thymeleaf:thymeleaf:3.0.11.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.attoparser:attoparser:2.0.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.unbescape:unbescape:1.1.6.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.29" level="project" />
-    <orderEntry type="library" name="Maven: org.thymeleaf.extras:thymeleaf-extras-java8time:3.0.4.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.3" level="project" />
-    <orderEntry type="library" name="Maven: ch.qos.logback:logback-core:1.2.3" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.12.1" level="project" />
-    <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.29" level="project" />
-    <orderEntry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-core:5.2.2.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-jcl:5.2.2.RELEASE" level="project" />
-    <orderEntry type="library" scope="RUNTIME" name="Maven: org.yaml:snakeyaml:1.25" level="project" />
-    <orderEntry type="library" name="Maven: com.contentstack.sdk:java:1.5.3" level="project" />
-    <orderEntry type="library" name="Maven: org.json:json:20190722" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.12.1" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.12.1" level="project" />
-  </component>
-</module>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 3682a3c..07e24c8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,65 +1,66 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<groupId>com.contentstack.springbootquickstart</groupId>
-	<artifactId>news-webapp</artifactId>
-	<version>0.0.1-SNAPSHOT</version>
-	<name>contentstack-java-webapp-example</name>
-	<description>Example News web app using contentstack java sdk and Spring Boot</description>
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.contentstack.springbootquickstart</groupId>
+    <artifactId>news-webapp</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>contentstack-java-webapp-example</name>
+    <description>Example News web app using contentstack java sdk and Spring Boot</description>
 
-	<parent>
-		<groupId>org.springframework.boot</groupId>
-		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.1.3</version>
-	</parent>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>3.1.3</version>
+    </parent>
 
-	<properties>
-		<java.version>1.8</java.version>
-		<spring-boot.version>3.1.3</spring-boot.version>
-		<json-smart.version>5.2.2</json-smart.version>
-		<contentstack.version>1.12.2</contentstack.version>
-	</properties>
+    <properties>
+        <java.version>1.8</java.version>
+        <spring-boot.version>3.1.4</spring-boot.version>
+        <json-smart.version>5.2.2</json-smart.version>
+        <contentstack.version>1.12.2</contentstack.version>
+    </properties>
 
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-web</artifactId>
-			<version>${spring-boot.version}</version>
-		</dependency>
- 		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-freemarker</artifactId>
-			<version>${spring-boot.version}</version>
-		</dependency>
-		<dependency>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+            <version>${spring-boot.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-freemarker</artifactId>
+            <version>${spring-boot.version}</version>
+        </dependency>
+        <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
-			<version>${spring-boot.version}</version>
+            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
-			<version>${spring-boot.version}</version>
+            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>com.contentstack.sdk</groupId>
             <artifactId>java</artifactId>
             <version>1.12.2</version>
         </dependency>
-		<dependency>
-			<groupId>io.github.cdimascio</groupId>
-			<artifactId>java-dotenv</artifactId>
-			<version>${json-smart.version}</version>
-		</dependency>
+        <dependency>
+            <groupId>io.github.cdimascio</groupId>
+            <artifactId>java-dotenv</artifactId>
+            <version>${json-smart.version}</version>
+        </dependency>
 
-	</dependencies>
+    </dependencies>
 
-	<build>
+    <build>
         <plugins>
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>3.1.4</version>
             </plugin>
         </plugins>
     </build>

From fb65711e0fa8f150a39e87e230f6365f0ffccf93 Mon Sep 17 00:00:00 2001
From: Shailesh Mishra <mshaileshr@gmail.com>
Date: Mon, 25 Sep 2023 18:05:38 +0530
Subject: [PATCH 6/6] * Updated all dependencies to the latest one. * Few of
 them contains transitive vulnerability. that we are keeping track

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 07e24c8..e5955ab 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.1.3</version>
+        <version>3.1.4</version>
     </parent>
 
     <properties>