dep updates (#725)

arvindkrishnakumar-okta · web-flow · commit 85ce31ea7e2a · 2022-03-31T07:20:50.000-07:00
diff --git a/pom.xml b/pom.xml
@@ -35,7 +35,7 @@
 
     <properties>
         <swagger-annotations.version>1.5.8</swagger-annotations.version>
-        <jackson.version>2.13.2</jackson.version>
+        <jackson.version>2.13.2.20220328</jackson.version>
         <snakeyaml.version>1.30</snakeyaml.version>
         <bouncycastle.version>1.70</bouncycastle.version>
         <jjwt.version>0.11.1</jjwt.version>
@@ -156,7 +156,7 @@
             <dependency>
                 <groupId>ch.qos.logback</groupId>
                 <artifactId>logback-classic</artifactId>
-                <version>1.2.10</version>
+                <version>1.2.11</version>
             </dependency>
 
             <!-- Bouncy Castle -->
@@ -371,15 +371,15 @@
                 <plugin>
                     <groupId>org.codehaus.mojo</groupId>
                     <artifactId>versions-maven-plugin</artifactId>
-                    <version>2.8.1</version>
+                    <version>2.10.0</version>
                     <configuration>
                         <generateBackupPoms>false</generateBackupPoms>
                     </configuration>
                 </plugin>
                 <plugin>
                     <groupId>com.github.siom79.japicmp</groupId>
                     <artifactId>japicmp-maven-plugin</artifactId>
-                    <version>0.15.4</version>
+                    <version>0.15.7</version>
                     <configuration>
                         <oldVersion>
                             <dependency>
@@ -391,7 +391,7 @@
                         </oldVersion>
                         <parameter>
                             <onlyModified>true</onlyModified>
-                            <breakBuildOnBinaryIncompatibleModifications>false</breakBuildOnBinaryIncompatibleModifications> <!-- TODO: revert to true after 6.0.0 major release -->
+                            <breakBuildOnBinaryIncompatibleModifications>true</breakBuildOnBinaryIncompatibleModifications>
                             <breakBuildBasedOnSemanticVersioning>true</breakBuildBasedOnSemanticVersioning>
                             <postAnalysisScript>${root.dir}/src/japicmp/postAnalysisScript.groovy</postAnalysisScript>
                         </parameter>
diff --git a/src/owasp/owasp-suppression.xml b/src/owasp/owasp-suppression.xml
@@ -37,6 +37,7 @@
         <cve>CVE-2019-16370</cve>
         <cve>CVE-2021-29429</cve>
         <cve>CVE-2021-29428</cve>
+        <cve>CVE-2022-25364</cve>
     </suppress>
 
     <!-- this project does not use the offending method com.google.common.io.Files.createTempDir -->
@@ -46,6 +47,15 @@
         <cve>CVE-2020-8908</cve>
     </suppress>
 
+    <!-- build time dependency brought in by swagger codegen -->
+    <suppress>
+        <notes><![CDATA[ file name: commons-cli-1.2.jar]]></notes>
+        <cve>CVE-2021-38542</cve>
+        <cve>CVE-2021-40110</cve>
+        <cve>CVE-2021-40111</cve>
+        <cve>CVE-2021-40525</cve>
+    </suppress>
+
     <!-- build time dependency (related to npm validator.js which this project does NOT use)  -->
     <suppress>
         <notes><![CDATA[ file name: package.json ]]></notes>
