[Snyk] Fix for 9 vulnerabilities (#1008)

* fix: examples/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094942
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094943
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097492
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097493
- https://snyk.io/vuln/SNYK-JAVA-COMJAYWAYJSONPATH-6140361
- https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1078499
- https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1298655
- https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153

Signed-off-by: Artur Souza <[email protected]>

* Fix Examples not to depend on Springboot version for json path.

Signed-off-by: Artur Souza <[email protected]>

* Fix new required dependencies.

Signed-off-by: Artur Souza <[email protected]>

---------

Signed-off-by: Artur Souza <[email protected]>
Co-authored-by: snyk-bot <[email protected]>

Author: artursouza

examples/pom.xml

@@ -24,7 +24,7 @@
     <maven.deploy.skip>true</maven.deploy.skip>
     <spotbugs.fail>false</spotbugs.fail>
     <opentelemetry.version>0.14.0</opentelemetry.version>
-    <springboot.version>3.0.13</springboot.version>
+    <springboot.version>3.2.0</springboot.version>
   </properties>
 
   <dependencies>
@@ -77,7 +77,7 @@
     <dependency>
       <groupId>com.jayway.jsonpath</groupId>
       <artifactId>json-path</artifactId>
-      <version>2.4.0</version>
+      <version>2.9.0</version>
     </dependency>
     <dependency>
       <groupId>io.opentelemetry</groupId>
@@ -140,6 +140,16 @@
       <artifactId>javax.annotation-api</artifactId>
       <version>1.3.2</version>
     </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-context</artifactId>
+      <version>6.1.1</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-core</artifactId>
+      <version>6.1.1</version>
+    </dependency>
   </dependencies>
 
   <build>

examples/src/main/java/io/dapr/examples/tracing/Validation.java

@@ -19,16 +19,13 @@
 import com.evanlennick.retry4j.config.RetryConfigBuilder;
 import com.jayway.jsonpath.DocumentContext;
 import com.jayway.jsonpath.JsonPath;
-import net.minidev.json.JSONArray;
 import okhttp3.HttpUrl;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.Response;
 
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Calendar;
-import java.util.TimeZone;
+import java.util.List;
+import java.util.Map;
 
 import static java.time.temporal.ChronoUnit.SECONDS;
 
@@ -112,7 +109,7 @@ private static Void doValidate() throws Exception {
   }
 
   private static Object readOne(DocumentContext documentContext, String path) {
-    JSONArray arr = documentContext.read(path);
+    List<Map<String, Object>> arr = documentContext.read(path);
     if (arr.size() == 0) {
       throw new RuntimeException("No record found for " + path);
     }
@@ -121,7 +118,7 @@ private static Object readOne(DocumentContext documentContext, String path) {
   }
 
   private static void assertCount(DocumentContext documentContext, String path, int expectedCount) {
-    JSONArray arr = documentContext.read(path);
+    List<Map<String, Object>> arr = documentContext.read(path);
     if (arr.size() != expectedCount) {
       throw new RuntimeException(
           String.format("Unexpected count %d vs expected %d for %s", arr.size(), expectedCount, path));

pom.xml

@@ -30,7 +30,7 @@
         which conflict with dapr-sdk's jackson dependencies
         https://github.com/microsoft/durabletask-java/blob/main/client/build.gradle#L16
         -->
-    <jackson.version>2.12.3</jackson.version>
+    <jackson.version>2.16.1</jackson.version>
     <gpg.skip>true</gpg.skip>
     <spotbugs.fail>true</spotbugs.fail>
     <spotbugs.exclude.filter.file>../spotbugs-exclude.xml</spotbugs.exclude.filter.file>