Bump log4j and testcontainers to avoid log4j CVE (#89)

* fix: pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720 * Bump testcontainers version to allow tests to pass Co-authored-by: Asaf Mesika <[email protected]>
logzio · Dec 12, 2021 · 0f602c5 · 0f602c5
1 parent 013d231
commit 0f602c5
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/pom.xml b/pom.xml
@@ -141,11 +141,10 @@
             <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
-        <!-- https://mvnrepository.com/artifact/org.testcontainers/testcontainers -->
         <dependency>
             <groupId>org.testcontainers</groupId>
             <artifactId>testcontainers</artifactId>
-            <version>1.14.3</version>
+            <version>1.16.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -164,12 +163,12 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-slf4j-impl</artifactId>
-            <version>2.13.3</version>
+            <version>2.15.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.13.3</version>
+            <version>2.15.0</version>
         </dependency>
         <dependency>
             <groupId>com.jayway.awaitility</groupId>