From 41c44d62de55b94b32203c5606e687adb33b5e79 Mon Sep 17 00:00:00 2001
From: Yeikel Santana
Date: Fri, 22 Aug 2025 17:32:05 -0400
Subject: [PATCH] BE: Chore: Bump Spring Boot to 3.5.5 Includes fix for CVE-2025-48989
---
 api/build.gradle | 2 --
 gradle/libs.versions.toml | 7 +------
 2 files changed, 1 insertion(+), 8 deletions(-)
diff --git a/api/build.gradle b/api/build.gradle
index b6fedb7a5..ca071b806 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -68,8 +68,6 @@ dependencies {
 // CVE Fixes
 implementation libs.apache.commons.compress
 implementation libs.okhttp3.logging.intercepter
- implementation libs.reactor.netty.http
- implementation libs.netty.codec.http2
 // CVE Fixes End
 implementation libs.modelcontextprotocol.spring.webflux
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index b2636b05a..d938ea0b6 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,5 +1,5 @@
 [versions]
-spring-boot = '3.5.3'
+spring-boot = '3.5.5'
 nimbus-jose-jwt = '10.0.2'
 aws-msk-auth = '2.3.0'
@@ -149,8 +149,3 @@ prometheus-metrics-textformats = { module = 'io.prometheus:prometheus-metrics-ex
 prometheus-metrics-exporter-pushgateway = { module = 'io.prometheus:prometheus-metrics-exporter-pushgateway', version.ref = 'prometheus'}
 snappy = {module = 'org.xerial.snappy:snappy-java', version = '1.1.10.7'}
-
-# CVE fixes
-reactor-netty-http = {module = 'io.projectreactor.netty:reactor-netty-http', version = '1.2.8'}
-# Fixes https://www.cve.org/CVERecord?id=CVE-2025-55163
-netty-codec-http2 = {module = 'io.netty:netty-codec-http2', version = '4.1.124.Final'}
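Review bot: Removing the explicit `reactor-netty-http` 1.2.8 and `netty-codec-http2` 4.1.124.Final entries in the last hunk of gradle/libs.versions.toml, together with their two `implementation` lines in api/build.gradle, leaves the CVE-2025-55163 fix dependent on whatever versions the Spring Boot 3.5.5 dependency management resolves, and nothing in the commit records that this was checked. The commit message names only CVE-2025-48989, so the link between the bump and the removed pins has to be inferred by the reader. Before merging, confirm that the resolved versions are not lower than the removed pins, for example with `./gradlew :api:dependencyInsight --dependency netty-codec-http2 --configuration runtimeClasspath`, and the same for reactor-netty-http. I would also record the expectation next to the version, e.g. `# Spring Boot 3.5.5 is expected to manage netty-codec-http2 >= 4.1.124.Final (CVE-2025-55163); re-pin if a later change lowers it` above `spring-boot = '3.5.5'`.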