chore: suppress CVE-2016-1000027 OWASP detection in Spring libs (see spring-projects/spring-framework#24434)

deki · deki · commit 67b11b62d47f · 2022-06-03T12:25:52.000+02:00
diff --git a/owasp-suppression.xml b/owasp-suppression.xml
@@ -17,7 +17,7 @@
   ~ specific language governing permissions and limitations
   ~ under the License.
   -->
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 
     <suppress>
         <notes><![CDATA[ Drupal issues for AWS is not relevant here ]]></notes>
@@ -27,4 +27,9 @@
         <notes><![CDATA[ Drupal issues for AWS is not relevant here ]]></notes>
         <cpe>cpe:/a:restful_web_services_project:restful_web_services:7.x-2.1::~~~drupal~~</cpe>
     </suppress>
+    <suppress>
+        <notes><![CDATA[Ignored since we are not vulnerable, see spring-projects/spring-framework/issues/24434]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.springframework/spring.*$</packageUrl>
+        <cve>CVE-2016-1000027</cve>
+    </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -81,7 +81,7 @@
 
     <properties>
         <jacoco.minCoverage>0.7</jacoco.minCoverage>
-        <dependencyCheck.version>6.5.3</dependencyCheck.version>
+        <dependencyCheck.version>7.1.0</dependencyCheck.version>
         <jackson.version>2.13.3</jackson.version>
         <slf4j.version>1.7.36</slf4j.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
