From dc24931e0a6585138ec02123fab94985adaccef8 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Tue, 19 Nov 2024 17:29:14 -0800
Subject: [PATCH] thingsboard/3.8.1-r0: cve remediation (#32597)

thingsboard/3.8.1-r0: fix GHSA-c4q5-6c82-3qpw/GHSA-4gc7-5j7h-4qph/

Advisory data:
https://github.com/wolfi-dev/advisories/blob/main/thingsboard.advisories.yaml

Signed-off-by: Mark McCormick <mark.mccormick@chainguard.dev>
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
Co-authored-by: Mark McCormick <mark.mccormick@chainguard.dev>
---
 thingsboard/pombump-deps.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/thingsboard/pombump-deps.yaml b/thingsboard/pombump-deps.yaml
index bc38f88de81..64beb83bcf5 100644
--- a/thingsboard/pombump-deps.yaml
+++ b/thingsboard/pombump-deps.yaml
@@ -14,8 +14,8 @@ patches:
     - groupId: com.squareup.wire
       artifactId: wire-schema-jvm
       version: 4.9.9
-    - groupID: com.google.protobuf
-      artifactID: protobuf-java
+    - groupId: ""
+      artifactId: ""
       version: 3.25.5
     - groupId: org.springframework
       artifactId: spring-web
@@ -23,6 +23,9 @@ patches:
     - groupId: org.springframework
       artifactId: spring-context
       version: 6.1.14
+    - groupId: org.springframework.security
+      artifactId: spring-security-web
+      version: 6.2.7
     - groupId: io.netty
       artifactId: netty-common
       version: 4.1.115.Final