From c8f58133efc39b4c230f494b6ed04cac4d3a744c Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 1 Jun 2020 07:25:20 +0000
Subject: [PATCH] fix: pom.xml & todolist-web-struts/pom.xml to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30401
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-31540
- https://snyk.io/vuln/SNYK-JAVA-OGNL-30474
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30060
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30207
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30770
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30771
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30772
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30773
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30774
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30775
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30776
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30777
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30778
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31495
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31500
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31501
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31502
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31503
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-32477
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-451610
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-460223
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30797
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30163
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30164
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30165
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31325
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31331
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-467012
- https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681
---
 pom.xml                     | 4 ++--
 todolist-web-struts/pom.xml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index e19e7afdd1..21e83f555e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,10 +34,10 @@
     <url>https://github.com/snyk/java-goof</url>
 
     <properties>
-        <spring.version>3.2.6.RELEASE</spring.version>
+        <spring.version>3.2.15.RELEASE</spring.version>
         <hibernate.version>4.3.7.Final</hibernate.version>
         <tapestry.version>5.3.8</tapestry.version>
-        <struts2.version>2.3.20</struts2.version>
+        <struts2.version>2.3.37</struts2.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 
diff --git a/todolist-web-struts/pom.xml b/todolist-web-struts/pom.xml
index 47702ba073..2e88f59047 100644
--- a/todolist-web-struts/pom.xml
+++ b/todolist-web-struts/pom.xml
@@ -79,7 +79,7 @@
         <dependency>
             <groupId>org.zeroturnaround</groupId>
             <artifactId>zt-zip</artifactId>
-            <version>1.12</version>
+            <version>1.13</version>
             <type>jar</type>
         </dependency>
     </dependencies>