Misalignment of spring-security-oauth2-client versions in spring-cloud-dataflow-server module

[klopfdreh]

Description:
Due to the CVE cve-2022-31690 (https://tanzu.vmware.com/security/cve-2022-31690) we just wanted to upgrade to SCDF 2.10.0.

I just saw that the dependencies spring-cloud-services-starter-config-client and spring-cloud-dataflow-rest-client provide spring-security-oauth2-client in version 5.7.3 but Spring Boot 2.7.6 provides spring-security-oauth2-client 5.7.5

Release versions:
2.10.0

Custom apps:

Steps to reproduce:
Just checkout the project and see the dependency graph.

Screenshots:

Additional context:
As a workaround we excluded spring-security-oauth2-client from those dependency and added it in the right version.

[corneil]

Create PR to update to Spring Boot 2.7.7 spring-attic/spring-cloud-dataflow-build#94

[klopfdreh]

This will not resolve the issue as the outdated dependency is coming from others.

[corneil]

Create PR spring-attic/spring-cloud-dataflow-build#96

[klopfdreh]

Again. This issue is not fixed. I updated to SCDF 2.10.1 and still have this issue.

spring-security-oauth2-client is at version 5.7.3 while all other spring-security dependencies are at 5.7.6