graphql-java-kickstart/graphql-spring-boot

Upgrade transitive dependencies

brishable opened this issue · 1 comment

Upgrade third party dependencies

Our product uses graphql-spring-boot-starter version 12.0.0 but it is being flagged for operational vulnerability in our scans because an old component is coming as a transitive dependency.

This is the dependency tree and the component being flagged is javassist version 3.21.0-GA which was released in 2016.

com.graphql-java-kickstart:graphql-spring-boot-starter:12.0.0 -->
com.graphql-java-kickstart:graphql-spring-boot-autoconfigure:12.0.0 -->
org.reflections:reflections:0.9.11 -->
org.javassist:javassist:3.21.


Could you upgrade this dependency in your next release please?

The dependencies of this project are automatically kept up to date using Renovate. I see the reflections library has been updated to version 0.10.2 in the meantime, which will be part of release 13.0.0. That should resolve your issue too, provided that that release of the reflections library addressed the javassist version.
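A consumer-side workaround while waiting for 13.0.0, added here as an example and not taken from the issue or the project: assuming the application builds with Maven, a dependencyManagement entry pins the transitive reflections artifact to the 0.10.2 mentioned above so it overrides the 0.9.11 in the chain shown earlier. Whether 0.10.2 is compatible with starter 12.0.0 and actually drops the 2016 javassist is not confirmed on this page, so the dependency:tree check in the comment is the required verification.

```xml
<!-- pom.xml of the consuming application (hypothetical).
     Versions managed here take precedence over versions reached transitively,
     so this replaces org.reflections:reflections:0.9.11 that arrives via
     graphql-spring-boot-autoconfigure 12.0.0. -->
<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.reflections</groupId>
      <artifactId>reflections</artifactId>
      <version>0.10.2</version>
    </dependency>
  </dependencies>
</dependencyManagement>

<dependencies>
  <dependency>
    <groupId>com.graphql-java-kickstart</groupId>
    <artifactId>graphql-spring-boot-starter</artifactId>
    <version>12.0.0</version>
  </dependency>
</dependencies>

<!-- Check the resolved tree afterwards; only javassist coordinates are listed:
       mvn dependency:tree -Dincludes=org.javassist
     If javassist 3.21.0-GA still appears, the pin on reflections alone is not
     enough and a managed org.javassist:javassist entry (version to be chosen
     from the scanner's recommendation, not given on this page) is needed too. -->
```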