From fa27a4eb5d3b80fc3ca9bfd671f1cb73a0bc6cd7 Mon Sep 17 00:00:00 2001
From: Joe DiPol <joe.dipol@oracle.com>
Date: Mon, 20 Nov 2023 14:10:06 -0800
Subject: [PATCH] 4.x: upgrade owasp depenency check to 8.4.3 (#8035)

* Fix netty suppression
* Upgrade OWASP dependency checker to 8.4.3
---
 etc/dependency-check-suppression.xml | 2 +-
 pom.xml                              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/dependency-check-suppression.xml b/etc/dependency-check-suppression.xml
index 2e85e8dd952..4414a6ad2d5 100644
--- a/etc/dependency-check-suppression.xml
+++ b/etc/dependency-check-suppression.xml
@@ -154,7 +154,7 @@
    <notes><![CDATA[
    file name: netty-handler-4.1.94.Final.jar
    ]]></notes>
-   <packageUrl regex="true">^pkg:maven/io\.netty/netty\-handler@.*$</packageUrl>
+   <packageUrl regex="true">^pkg:maven/io\.netty/netty\-.*@.*$</packageUrl>
    <vulnerabilityName>CVE-2023-4586</vulnerabilityName>
 </suppress>
 
diff --git a/pom.xml b/pom.xml
index 9e7b0e22096..9fb4f4c8604 100644
--- a/pom.xml
+++ b/pom.xml
@@ -125,7 +125,7 @@
         <version.plugin.source>3.0.1</version.plugin.source>
         <version.plugin.spotbugs>4.7.3.5</version.plugin.spotbugs>
         <version.plugin.findsecbugs>1.12.0</version.plugin.findsecbugs>
-        <version.plugin.dependency-check>8.3.1</version.plugin.dependency-check>
+        <version.plugin.dependency-check>8.4.3</version.plugin.dependency-check>
         <version.plugin.surefire>3.1.0</version.plugin.surefire>
         <version.plugin.toolchains>1.1</version.plugin.toolchains>
         <version.plugin.version-plugin>2.3</version.plugin.version-plugin>