Merge pull request #583 from hmcts/cve-fixes-010324
Version bumped to resolve CVE
muhammad-umerji01 authored Apr 16, 2024
2 parents 8ee0eea + 444121f commit 857dfbe
Showing 2 changed files with 6 additions and 7 deletions.
7 changes: 3 additions & 4 deletions build.gradle
Expand Up @@ -174,11 +174,10 @@ dependencies {
implementation group: 'org.springframework.security', name: 'spring-security-crypto', version: springSecurity

// dependency check
implementation 'org.owasp:dependency-check-gradle'
implementation group: 'org.owasp', name: 'dependency-check-gradle', version: '9.0.9'
constraints {
implementation('org.owasp:dependency-check-gradle:9.0.9') {
}
implementation('org.owasp:dependency-check-core:9.0.9') {
implementation('org.apache.commons:commons-compress:1.26.0') {
because 'Latest version of dependency-check-gradle (9.0.9) brings in commons-compress v1.25.0 which has a CVE'
}
}
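Review bot: `implementation group: 'org.owasp', name: 'dependency-check-gradle', version: '9.0.9'` places a build-time scanner plugin on the application's implementation classpath, and the `because` text shows that its transitive commons-compress then has to be patched by hand. If the scanner is only run as a Gradle task, apply it through the `plugins {}` block or the buildscript classpath and drop this dependency, so the plugin's transitive libraries are neither shipped with the application nor reported in its own scan. If the dependency has to stay, the `because` string should name the CVE id(s) and ticket it addresses rather than "has a CVE", so the `commons-compress:1.26.0` constraint can be removed once dependency-check pulls in a fixed version itself.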

6 changes: 3 additions & 3 deletions dependency-check-suppressions.xml
Expand Up @@ -2,9 +2,10 @@
<suppress>
<notes>Temporary Suppression
CVE-2023-33202 refer [Ticket]
CVE-2024-25710 refer [Ticket]
CVE-2024-26308 refer [Ticket]
CVE-2024-1597 refer [Ticket]
CVE-2024-23686 refer [Ticket]
CVE-2022-45868 refer [Ticket]
CVE-2023-35116 refer [Ticket]
CVE-2023-34053 refer [Ticket]
CVE-2023-34055 refer [Ticket]
CVE-2023-34042 refer [Ticket]
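Review bot: the `<suppress>` element at the top of this hunk has no `until` attribute, so the "Temporary Suppression" described in `<notes>` never expires for any CVE in the list. Add an `until` date so dependency-check starts reporting these findings again if nobody revisits them, and consider splitting the block into one `<suppress>` per affected dependency (scoped with `packageUrl` or `gav`, if the rule is not already scoped further down) so each entry can be retired independently and does not hide the same CVE in an unrelated library.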
Expand All @@ -13,7 +14,6 @@
CVE-2023-42795 refer [Ticket]
CVE-2023-45648 refer [Ticket]</notes>
<cve>CVE-2023-33202</cve>
<cve>CVE-2024-25710</cve>
<cve>CVE-2024-26308</cve>
<cve>CVE-2024-1597</cve>
<cve>CVE-2023-34053</cve>
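Review bot: the `<cve>` list in this hunk and the `<notes>` list above are maintained by hand in parallel, and the two hunk headers move in opposite directions (`-2,9 +2,10` for the notes, `-13,7 +14,6` here), so please cross-check that every CVE named in `<notes>` has exactly one matching `<cve>` element and the reverse. Where the version bump in build.gradle is meant to resolve a CVE listed here, remove both its `<cve>` element and its notes line in the same commit, so the scanner confirms the fix instead of continuing to hide the finding.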