From ade9166f150f80cad03f87eb166483f8c518d87a Mon Sep 17 00:00:00 2001 From: Joe DiPol Date: Tue, 13 Aug 2024 16:21:49 -0700 Subject: [PATCH] 4.x: Ugprade dependency check plugin and clean up suppression file (#9142) * Upgrade dependency check to 10.0.3 * Clean up dependency check suppression file --- etc/dependency-check-suppression.xml | 91 ++-------------------------- pom.xml | 2 +- 2 files changed, 5 insertions(+), 88 deletions(-) diff --git a/etc/dependency-check-suppression.xml b/etc/dependency-check-suppression.xml index 5f64288d05f..87c129b8a5e 100644 --- a/etc/dependency-check-suppression.xml +++ b/etc/dependency-check-suppression.xml @@ -23,65 +23,6 @@ CVE-2022-45868 - - - - ^pkg:maven/com\.squareup\.okhttp3/okhttp@.*$ - CVE-2021-0341 - - - - - - ^pkg:maven/org\.eclipse\.microprofile\.graphql/microprofile\-graphql\-api@.*$ - CVE-2022-37734 - - - - - - ^pkg:maven/com\.graphql\-java/java\-dataloader@.*$ - CVE-2023-28867 - - - - - - ^pkg:maven/jakarta\.resource/jakarta\.resource\-api@.*$ - CVE-2022-45129 - - - - ^pkg:maven/org\.eclipse\.microprofile\.config/microprofile\-config\-api@.*$ - CVE-2022-45129 - - - - ^pkg:maven/org\.eclipse\.microprofile\.jwt/microprofile\-jwt\-auth\-api@.*$ - CVE-2022-45129 - - @@ -92,17 +33,6 @@ CVE-2018-14335 - - - - ^pkg:maven/com\.google\.guava/guava@.*$ - CVE-2020-8908 - - - - - ^pkg:maven/io\.netty/netty\-.*@.*$ - CVE-2023-4586 - - + cpe:/a:mongodb:mongodb - - - + 3.0.1 4.7.3.5 1.12.0 - 10.0.2 + 10.0.3 3.1.0 1.1 2.3