Merge branch 'main' into dependabot/gradle/junit-jupiter-6.0.2

Author: pboos

gradle/libs.versions.toml

@@ -1,6 +1,6 @@
 [versions]
 java = "21"
-spring-boot = "4.0.0"
+spring-boot = "4.0.2"
 spring-dependency-management = "1.1.7"
 openapi-generator = "7.17.0"
 openapi-tools = "0.2.8"
@@ -17,9 +17,9 @@ checkstyle = "8.44"
 pmd = "7.14.0"
 jacoco = "0.8.13"
 # Testing
-mockito = "5.20.0"
+mockito = "5.21.0"
 junit-jupiter = "6.0.2"
-junit-platform = "6.0.1"
+junit-platform = "6.0.2"
 
 [libraries]
 openapi-tools-jacksonDatabindNullable = { group = "org.openapitools", name = "jackson-databind-nullable", version.ref = "openapi-tools" }

openapi-validation-core/build.gradle

@@ -10,8 +10,8 @@ dependencies {
         implementation(libs.commons.codec) {
             because 'Apache commons-codec before 1.13 is vulnerable to information exposure. See https://devhub.checkmarx.com/cve-details/Cxeb68d52e-5509/'
         }
-        implementation('org.mozilla:rhino:1.7.14.1') {
-            because 'CVE-2025-66453: Rhino before 1.7.14.1 has high CPU usage and potential DoS when passing specific numbers to toFixed() function. See https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x'
+        implementation('org.mozilla:rhino:1.9.0') {
+            because 'CVE-2025-66453: Rhino before 1.9.0 has high CPU usage and potential DoS when passing specific numbers to toFixed() function. See https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x'
         }
 //        implementation('org.yaml:snakeyaml:1.33') {
 //            because 'Vulnerability in 1.33 is not yet fixed. See: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in' +