From f1df7b745aa3242d7bb1d36c18a591b5a69668cd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Oct 2021 09:31:22 +0000
Subject: [PATCH 1/2] Bump org.owasp.dependencycheck from 6.2.2 to 6.3.2

Bumps org.owasp.dependencycheck from 6.2.2 to 6.3.2.

---
updated-dependencies:
- dependency-name: org.owasp.dependencycheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 121a60eb..f6ec8819 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ plugins {
     id 'checkstyle'
     id 'java'
     id 'maven-publish'
-    id "org.owasp.dependencycheck" version "6.2.2"
+    id "org.owasp.dependencycheck" version "6.3.2"
     id "org.sonarqube" version "3.3"
 }

From 3b98147f4df29282f8ae8352af387d2d72b4cacd Mon Sep 17 00:00:00 2001
From: Anton Oellerer
Date: Mon, 4 Oct 2021 11:46:09 +0200
Subject: [PATCH 2/2] Set OWASP CVSS threshold to 6

Up until now, a CVSS threshold of 9.0 was specified, which meant that it practically never triggers. Especially with the introduction of dependabot it is important to keep an eye on vulnerabilities.

---
 build.gradle | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/build.gradle b/build.gradle
index f6ec8819..c8e23d13 100644
--- a/build.gradle
+++ b/build.gradle
@@ -7,7 +7,7 @@ plugins {
 }
 group 'com.docu-tools'
-version = '1.2.3'
+version = '1.2.5'
 sourceCompatibility = 17
 targetCompatibility = 17
@@ -56,8 +56,8 @@ tasks.withType(Checkstyle) {
 dependencyCheck {
     format = 'ALL'
-    junitFailOnCVSS = 7.0
-    failBuildOnCVSS = 9.0
+    junitFailOnCVSS = 6.0
+    failBuildOnCVSS = 6.0
     suppressionFile = 'config/dependency-check/suppression.xml'
 }
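Review bot: The new 6.0 thresholds in the `dependencyCheck` block are not explained in the build file itself, so the reasoning for the number lives only in this commit message; a comment above `junitFailOnCVSS`, e.g. `// CVSS >= 6.0 (medium/high) fails the build; suppressions need a written justification`, would keep the rationale next to the setting. Lowering `failBuildOnCVSS` from 9.0 to 6.0 also means a newly published CVE against an unchanged dependency can fail a build that contains no code change, so the `suppressionFile` referenced on the following line becomes the routine escape hatch — entries there should record the reason and a review date so suppressions do not accumulate silently. Setting `junitFailOnCVSS` to the same value as `failBuildOnCVSS` is consistent with `format = 'ALL'` producing the JUnit report, but if the two are meant to stay coupled a single named constant would make that intent visible. The preceding hunk in this patch is a version bump only.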