From 3ebb31d11c0f347ee45b9d39f19e150edf62b08c Mon Sep 17 00:00:00 2001
From: liamfallon <liam.fallon@est.tech>
Date: Thu, 21 Apr 2022 12:52:54 +0100
Subject: [PATCH] Add spring dependencies into dependency management

Some dependencies were missing in oparent and then did not respect the
spring.version parameter for setting the spring version, dragging in the
vulnerable version of spring-beans.

Issue-ID: POLICY-4070
Change-Id: I819062a6165bbec33498414c4f4401cb41475028
Signed-off-by: liamfallon <liam.fallon@est.tech>
---
 .gitignore           |  1 +
 dependencies/pom.xml | 15 +++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/.gitignore b/.gitignore
index 32edeae..d7497b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,5 @@ target
 .project
 .settings
 .classpath
+**/*.iml
 cia/
diff --git a/dependencies/pom.xml b/dependencies/pom.xml
index f75a7c5..33b10e0 100644
--- a/dependencies/pom.xml
+++ b/dependencies/pom.xml
@@ -67,6 +67,11 @@
         <artifactId>spring-core</artifactId>
         <version>${spring.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-beans</artifactId>
+        <version>${spring.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-expression</artifactId>
@@ -82,6 +87,16 @@
         <artifactId>spring-webmvc</artifactId>
         <version>${spring.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-jdbc</artifactId>
+        <version>${spring.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-webflux</artifactId>
+        <version>${spring.version}</version>
+      </dependency>
       <dependency>
         <groupId>commons-beanutils</groupId>
         <artifactId>commons-beanutils</artifactId>
-- 
2.16.6