I need to update a library’s version to the latest because of a vulnerability. For example, I have a starter (but this is not limited to starters; it can be any library that relies on other libraries) in my pom.xml:
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-example</artifactId>
</dependency>
It has 2 libraries that I need to update: library-a and library-b.
For the first library I set the version in properties, and it was updated in the project:
<properties>
    <library-a.version>2.0</library-a.version>
</properties>
But for the second library this approach didn’t help. So I excluded this library and imported a newer version:
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-example</artifactId>
    <exclusions>
        <exclusion>
            <groupId>library-b</groupId>
            <artifactId>library-b</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<dependency>
    <groupId>library-b</groupId>
    <artifactId>library-b</artifactId>
    <version>2.0</version>
</dependency>
Is this the right way to update libraries (I am especially worried about library-b)? What issues can I face? I am afraid that my application may pick up some bugs because of this replacement.
Unit tests passed, the application works locally.
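Whichever override is used (a version property or an exclusion plus a direct dependency), the resolved versions can be checked from the output of `mvn dependency:tree`. The following is an added example, not part of the original post: the tree text is a constructed sample, the `library-c`/`library-d` entries and the function names are hypothetical, and the version comparison assumes plain dotted numeric versions rather than Maven's full ordering rules.

```python
import re

# Constructed sample of `mvn dependency:tree` output (not from the original post).
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:1.0.0
[INFO] +- org.springframework.cloud:spring-cloud-starter-example:jar:1.0.0:compile
[INFO] |  +- library-a:library-a:jar:2.0:compile
[INFO] |  \- library-c:library-c:jar:1.4:compile
[INFO] |     \- library-d:library-d:jar:1.2:runtime
[INFO] \- library-b:library-b:jar:2.0:compile
"""

# Each tree level is a 3-character prefix: "|  ", "   ", "+- " or "\- ".
LINE = re.compile(r"^\[INFO\] ((?:[|\\+ ][ -] )*)(\S+)$")

def parse_tree(text):
    """Return [(path of groupId:artifactId from the root, version)] for each dependency."""
    nodes, stack = [], []
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m or m.group(2).count(":") < 3:
            continue  # banner, separator or status line
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        # Root is group:artifact:type:version; dependencies end in :version:scope.
        version = parts[-1] if depth == 0 else parts[-2]
        del stack[depth:]
        stack.append(":".join(parts[:2]))
        if depth > 0:
            nodes.append((list(stack), version))
    return nodes

def vtuple(version):
    # Assumption: dotted numeric versions only (qualifiers such as -RC1 are ignored).
    return tuple(int(x) for x in re.findall(r"\d+", version))

def check_minimums(text, minimums):
    """Report artifacts resolved below their fixed version, or missing entirely."""
    findings, seen = [], set()
    for path, version in parse_tree(text):
        ga = path[-1]
        if ga in minimums:
            seen.add(ga)
            if vtuple(version) < vtuple(minimums[ga]):
                via = " > ".join(path[1:-1]) or "direct"
                findings.append(f"{ga} resolved to {version}, need >= {minimums[ga]} (via {via})")
    # An excluded artifact that was never re-added shows up here.
    findings += [f"{ga} not on the classpath" for ga in sorted(set(minimums) - seen)]
    return findings
```
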