Merge pull request #1608 from hmcts/AM-2987_tomcat_upgrade

Am 2987 tomcat upgrade 9.0.82

build.gradle

@@ -45,6 +45,7 @@ def versions = [
         springSecurity : '5.7.10',
         springHystrix  : '2.1.1.RELEASE',
         swagger2Version: '2.10.5',
+        tomcat         : '9.0.82',
         pact_version   : '4.1.41',
         rest_assured   : '3.3.0',
         cucumber       : '5.7.0',
@@ -394,8 +395,8 @@ dependencies {
     //CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090
     // To be cleaned up later
     implementation group: 'org.apache.commons', name: 'commons-compress', version: '1.21'
-    implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-websocket', version: '9.0.80'
-    implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '9.0.80'
+    implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-websocket', version: versions.tomcat
+    implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: versions.tomcat
 
     implementation group:'com.fasterxml.jackson.datatype', name:'jackson-datatype-jsr310'
     implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: versions.jacksondata

config/owasp/suppressions.xml

@@ -21,16 +21,4 @@
         <notes>https://tools.hmcts.net/jira/browse/AM-2968 netty</notes>
         <cve>CVE-2023-4586</cve>
     </suppress>
-    <suppress>
-        <notes>https://tools.hmcts.net/jira/browse/AM-2987 tomcat</notes>
-        <cve>CVE-2023-42794</cve>
-    </suppress>
-    <suppress>
-        <notes>https://tools.hmcts.net/jira/browse/AM-2988 tomcat</notes>
-        <cve>CVE-2023-42795</cve>
-    </suppress>
-    <suppress>
-        <notes>https://tools.hmcts.net/jira/browse/AM-2989 tomcat</notes>
-        <cve>CVE-2023-45648</cve>
-    </suppress>
 </suppressions>