Spring bot master db

.github/workflows/allow-list.xml

@@ -51,7 +51,6 @@
         ]]></notes>
 		<cve>CVE-2023-20863</cve>
 	</suppress>
-
 	<suppress>
 		<notes>
 		This vulnerablity is affect to JDK 17.0.11 and we are using JDK 17.13. so no impact to our application.		
@@ -134,18 +133,6 @@
 		</notes>
 		<cve>CVE-2025-41234</cve>
 	</suppress>
-	<suppress>
-		<notes>
-			We will take in next release, once we will migrate spring-bot version to 3.5*
-		</notes>
-		<cve>CVE-2025-46701</cve>
-	</suppress>
-	<suppress>
-		<notes>
-			We will take in next release, once we will migrate spring-bot version to 3.5*
-		</notes>
-		<cve>CVE-2025-48988</cve>
-	</suppress>
 	<suppress>
 	    <notes>
 	        Won't fix - minor issue in library causing stack overflow
@@ -157,19 +144,103 @@
 	        Won't fix - minor issue in library causing stack overflow
 	    </notes>
 	    <cve>CVE-2025-53864</cve>
+	</suppress>	
+	<suppress>
+	    <notes>
+	        icu4j-77.1.jar this jar is non vulnerable, checked at maven site
+	    </notes>
+	    <cve>CVE-2025-5222</cve>
 	</suppress>
 	<suppress>
 	    <notes>
-	        We will take in next release, once we will migrate spring-bot version to 3.5*
+	        netty-transport-4.1.124.Final.jar this jar is non vulnerable, checked at maven site
 	    </notes>
-	    <cve>CVE-2025-49124</cve>
+	    <cve>CVE-2025-58056</cve>
+		<cve>CVE-2025-58057</cve>
 	</suppress>
 	<suppress>
 	    <notes>
-	        We will take in next release, once we will migrate spring-bot version to 3.5*
+	        reactor-netty-core-1.2.9.jar this jar is non vulnerable, checked at maven site
 	    </notes>
-	    <cve>CVE-2025-49125</cve>
+	    <cve>CVE-2021-43797</cve>
+		<cve>CVE-2024-29025</cve>
+		<cve>CVE-2019-16869</cve>
+		<cve>CVE-2015-2156</cve>
+		<cve>CVE-2021-37136</cve>
+		<cve>CVE-2021-37137</cve>
+		<cve>CVE-2025-25193</cve>
+		<cve>CVE-2019-20445</cve>
+		<cve>CVE-2019-20444</cve>
+		<cve>CVE-2021-21295</cve>
+		<cve>CVE-2023-34462</cve>
+		<cve>CVE-2024-47535</cve>
+		<cve>CVE-2021-21290</cve>
+		<cve>CVE-2023-44487</cve>
+		<cve>CVE-2014-3488</cve>
+		<cve>CVE-2022-24823</cve>
+		<cve>CVE-2022-41881</cve>
+		<cve>CVE-2021-21409</cve>
+		<cve>CVE-2025-55163</cve>
+		<cve>CVE-2025-58056</cve>
+		<cve>CVE-2025-58057</cve>
+	</suppress>	
+	<suppress>
+	    <notes>
+	        icu4j-72.1.jar this jar is non vulnerable, checked at maven site
+	    </notes>
+	    <cve>CVE-2025-5222</cve>
 	</suppress>
-
+	<suppress>
+	    <notes>
+	        netty-transport-classes-epoll-4.1.124.Final.jar this jar is non vulnerable, checked at maven site
+	    </notes>
+	    <cve>CVE-2025-58056</cve>
+		<cve>CVE-2025-58057</cve>
+	</suppress>
+	<suppress>
+	    <notes>
+	        reactor-netty-http-1.2.9.jar this jar is non vulnerable, checked at maven site
+	    </notes>
+	    <cve>CVE-2021-43797</cve>
+		<cve>CVE-2024-29025</cve>
+		<cve>CVE-2019-16869</cve>
+		<cve>CVE-2015-2156</cve>
+		<cve>CVE-2021-37136</cve>
+		<cve>CVE-2021-37137</cve>
+		<cve>CVE-2025-25193</cve>
+		<cve>CVE-2019-20445</cve>
+		<cve>CVE-2019-20444</cve>
+		<cve>CVE-2021-21295</cve>
+		<cve>CVE-2023-34462</cve>
+		<cve>CVE-2021-21290</cve>
+		<cve>CVE-2023-44487</cve>
+		<cve>CVE-2014-3488</cve>
+		<cve>CVE-2022-24823</cve>
+		<cve>CVE-2022-41881</cve>
+		<cve>CVE-2021-21409</cve>
+		<cve>CVE-2025-55163</cve>
+		<cve>CVE-2025-58056</cve>
+		<cve>CVE-2025-58057</cve>
+	</suppress>
+	<suppress>
+	    <notes>
+	        netty-transport-classes-kqueue-4.1.124.Final.jar this jar is non vulnerable, checked at maven site
+	    </notes>
+	    <cve>CVE-2025-58056</cve>
+		<cve>CVE-2025-58057</cve>
+	</suppress>
+	<suppress>
+	    <notes>
+	        netty-transport-native-unix-common-4.1.124.Final.jar this jar is non vulnerable, checked at maven site
+	    </notes>
+	    <cve>CVE-2025-58056</cve>
+		<cve>CVE-2025-58057</cve>
+	</suppress>	
+	<suppress>
+	    <notes>
+	        microsoft:teams this jar is non vulnerable, checked at maven site
+	    </notes>
+	    <cve>CVE-2025-53783</cve>
+	</suppress>			
 </suppressions>
 

demos/claim-bot/pom.xml

@@ -20,7 +20,17 @@
 	</properties>
 
 	<dependencies>
-	    <dependency>
+		<dependency>
+			<groupId>com.ibm.icu</groupId>
+			<artifactId>icu4j</artifactId>
+			<version>${icu4j.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcpkix-jdk18on</artifactId>
+			<version>${bcpkix-jdk18on.version}</version>
+		</dependency>
+		<dependency>
 			<groupId>org.finos.springbot</groupId>
 			<artifactId>symphony-bdk-chat-workflow-spring-boot-starter</artifactId>
 			<version>10.0.2-SNAPSHOT</version>

libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml

@@ -16,12 +16,29 @@
 	<properties>
 		<maven.compiler.source>17</maven.compiler.source>
 		<maven.compiler.target>17</maven.compiler.target>
-		<azure-storage-blob.version>12.25.3</azure-storage-blob.version>
-		<httpclient.version>4.5.13</httpclient.version>
-		<tomcat-embed-core.version>10.1.42</tomcat-embed-core.version>
+		<azure-storage-blob.version>12.31.2</azure-storage-blob.version>
 	</properties>
 
 	<dependencies>
+
+		<dependency>
+			<groupId>io.netty</groupId>
+			<artifactId>netty-codec</artifactId>
+			<version>${netty-codec.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>io.netty</groupId>
+			<artifactId>netty-codec-http</artifactId>
+			<version>${netty-codec-http.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-lang3</artifactId>
+			<version>${commons-lang3.version}</version>
+		</dependency>
+
 		<dependency>
 			<groupId>org.finos.springbot</groupId>
 			<artifactId>chat-workflow</artifactId>
@@ -33,12 +50,6 @@
 			<artifactId>msal4j</artifactId>
 			<version>${azure-msal4j.version}</version>
 		</dependency>
-
-		<dependency>
-		    <groupId>org.apache.tomcat.embed</groupId>
-		    <artifactId>tomcat-embed-core</artifactId>
-		    <version>${tomcat-embed-core.version}</version>
-		</dependency>
 
 		<!-- teams -->
 		<dependency>

pom.xml

@@ -27,6 +27,7 @@
 
 		<!-- symphony support -->
 		<module>libs/symphony/entities</module>
+
 		<module>libs/symphony-bdk/symphony-bdk-chat-workflow-spring-boot-starter</module>
 
 		<!-- teams support -->
@@ -49,7 +50,7 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<spring-boot.version>3.4.5</spring-boot.version>
+		<spring-boot.version>3.5.5</spring-boot.version>
 		<maven.compiler.source>17</maven.compiler.source>
 		<maven.compiler.target>17</maven.compiler.target>
 		<java.version>17</java.version>
@@ -61,11 +62,17 @@
 		<jsoup.version>1.17.2</jsoup.version>
 		<graalvm.version>23.0.3</graalvm.version>
 		<symphony-bdk.version>3.0.0</symphony-bdk.version>
-		<azure-core-http-netty.version>1.15.11</azure-core-http-netty.version>	
-		<httpclient.version>4.5.13</httpclient.version>			
+		<azure-core-http-netty.version>1.16.1</azure-core-http-netty.version>	
 		<corenlp.version>4.5.7</corenlp.version>
-		<azure-msal4j.version>1.16.1</azure-msal4j.version>
+		<azure-msal4j.version>1.21.0</azure-msal4j.version>
 		<protonpack.version>1.16</protonpack.version>
+		<httpclient.version>4.5.13</httpclient.version>
+		<icu4j.version>77.1</icu4j.version>
+		<bcpkix-jdk18on.version>1.81</bcpkix-jdk18on.version>
+		<commons-lang3.version>3.18.0</commons-lang3.version>
+		<netty-codec-http.version>4.1.126.Final</netty-codec-http.version>
+		<netty-codec.version>4.1.126.Final</netty-codec.version>
+
 	</properties>
 
 	<licenses>