From 5ea2dfc803d5162478e72fd386e786806406b826 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 20 Aug 2025 08:04:48 +0000
Subject: [PATCH] fix: dspace-api/pom.xml & pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-12008931
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-10734078
- https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-10259368
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-11777856
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-11789705
---
 dspace-api/pom.xml | 2 +-
 pom.xml            | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/dspace-api/pom.xml b/dspace-api/pom.xml
index c1811a9d63a1..047eebdaa8ab 100644
--- a/dspace-api/pom.xml
+++ b/dspace-api/pom.xml
@@ -791,7 +791,7 @@
         <dependency>
             <groupId>com.opencsv</groupId>
             <artifactId>opencsv</artifactId>
-            <version>5.6</version>
+            <version>5.12.0</version>
         </dependency>
 
         <!-- Email templating -->
diff --git a/pom.xml b/pom.xml
index 3d9e6851d1d0..c4c298090d6b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
     <properties>
         <!--=== GENERAL / DSPACE-API DEPENDENCIES ===-->
         <java.version>11</java.version>
-        <spring.version>5.3.20</spring.version>
+        <spring.version>6.2.10</spring.version>
         <spring-boot.version>2.6.8</spring-boot.version>
         <spring-security.version>5.6.5</spring-security.version> <!-- sync with version used by spring-boot-->
         <hibernate.version>5.6.5.Final</hibernate.version>
@@ -42,7 +42,7 @@
         <pdfbox-version>2.0.27</pdfbox-version>
         <rome.version>1.18.0</rome.version>
         <slf4j.version>1.7.25</slf4j.version>
-        <tika.version>2.3.0</tika.version>
+        <tika.version>2.7.0</tika.version>
         <!-- Sync with whatever version Tika uses -->
         <bouncycastle.version>1.70</bouncycastle.version>
 
@@ -115,7 +115,7 @@
                             </goals>
                             <configuration>
                                 <rules>
-                                    <DependencyConvergence />
+                                    <DependencyConvergence/>
                                 </rules>
                             </configuration>
                         </execution>