From 743754f470607f831f8f7e31ffe3a85d31db7069 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 23 Jan 2026 10:10:58 +0000
Subject: [PATCH] fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-15038759
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-15062482
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index d035cfe405b1..b44388be5fe7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
     <inceptionYear>2014-2019</inceptionYear>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <hibernate.version>5.2.18.Final</hibernate.version>
+        <hibernate.version>5.3.38.Final</hibernate.version>
         <spring.version>5.0.13.RELEASE</spring.version>
         <spring-boot.version>2.0.9.RELEASE</spring-boot.version>
         <spring-data.version>2.0.14.RELEASE</spring-data.version>
@@ -44,7 +44,7 @@
         <guice.version>4.0</guice.version>
         <mongo-java-driver.version>3.12.1</mongo-java-driver.version>
         <slf4j.version>1.7.30</slf4j.version>
-        <logback.version>1.2.3</logback.version>
+        <logback.version>1.5.25</logback.version>
         <aws-lambda-core.version>1.1.0</aws-lambda-core.version>
         <aws-java-sdk-dynamodb.version>1.11.289</aws-java-sdk-dynamodb.version>
         <aws-lambda-java-events.version>2.0.1</aws-lambda-java-events.version>