SCB-2438 Upgrade the spring framework version to 5.2.20

commit: f44a643e93d4ec535530a98cf5e9e7e6b97148a8 [log] [tgz]
author: Willem Jiang <willem.jiang@gmail.com> Sat Apr 02 08:50:06 2022 +0800
committer: Willem Jiang <willem.jiang@gmail.com> Sat Apr 02 08:50:06 2022 +0800
tree: d23b2967b9f71d585e5b8d388f35187cc6d22119
parent: 58ab961be99bdf92d0c67e0567983678075553c3 [diff]
diff --git a/pack-dependencies/pom.xml b/pack-dependencies/pom.xml
index ba7e04a..8b57a99 100644
--- a/pack-dependencies/pom.xml
+++ b/pack-dependencies/pom.xml

@@ -48,6 +48,9 @@
     <spring.cloud.stream.version>3.0.13.RELEASE</spring.cloud.stream.version>
     <spring.cloud.function.version>3.0.14.RELEASE</spring.cloud.function.version>
 
+    <!-- specify the spring-framework version for cve-2022-22965 -->
+    <spring-framework.version>5.2.20.RELEASE</spring-framework.version>
+
     <!-- akka fsm -->
     <akka.version>2.5.32</akka.version>
     <alpakka.version>1.0.5</alpakka.version>
@@ -116,6 +119,13 @@
     <dependencies>
       <!-- import dependencies -->
       <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-framework-bom</artifactId>
+        <version>${spring-framework.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-dependencies</artifactId>
         <version>${spring.boot.version}</version>
commit	f44a643e93d4ec535530a98cf5e9e7e6b97148a8	[log] [tgz]
author	Willem Jiang <willem.jiang@gmail.com>	Sat Apr 02 08:50:06 2022 +0800
committer	Willem Jiang <willem.jiang@gmail.com>	Sat Apr 02 08:50:06 2022 +0800
tree	d23b2967b9f71d585e5b8d388f35187cc6d22119
parent	58ab961be99bdf92d0c67e0567983678075553c3 [diff]