SIDM-7509 Dependency check issues (#777)

Co-authored-by: Nikola Naydenov <nikolanaydenov@nikolas-mbp.home>
hmcts · Apr 25, 2022 · 7baf706 · 7baf706
1 parent 609fc37
commit 7baf706
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 15 deletions.
diff --git a/build.gradle b/build.gradle
@@ -6,7 +6,7 @@ plugins {
   id 'io.spring.dependency-management' version '1.0.11.RELEASE' apply false
   id 'org.owasp.dependencycheck' version '6.5.3'
   id 'org.sonarqube' version '2.6.2'
-  id 'org.springframework.boot' version '2.6.6' apply false
+  id 'org.springframework.boot' version '2.6.7' apply false
   id 'com.gorylenko.gradle-git-properties' version '1.4.21'
   id "info.solidsoft.pitest" version "1.6.0"
   id 'application'
@@ -33,9 +33,7 @@ allprojects {
   sourceCompatibility = 11
   targetCompatibility = 11
 
-  def idamBomVersion = '2.8.18'
-  def jackson_version = '2.13.2'
-  def jackson_databind_version = '2.13.2.1'
+  def idamBomVersion = '2.8.21'
 
   configurations.all {
     exclude group: "org.glassfish", module: "jakarta.el"
@@ -87,7 +85,7 @@ allprojects {
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-client'
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-resource-server'
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis-reactive'
-    implementation group: 'org.springframework.session', name: 'spring-session-data-redis', version: '2.2.4.RELEASE'
+    implementation group: 'org.springframework.session', name: 'spring-session-data-redis', version: '2.6.3'
     implementation group: 'org.yaml', name: 'snakeyaml'
 
     implementation group: 'io.github.openfeign', name: 'feign-jackson'
@@ -108,16 +106,7 @@ allprojects {
 
     implementation group: 'javax.servlet', name: 'jstl'
     implementation group: 'javax.json', name: 'javax.json-api'
-    compile("com.fasterxml.jackson:jackson-bom") {
-      version {
-        strictly jackson_version
-      }
-    }
-    implementation (group: 'com.fasterxml.jackson.core', name: 'jackson-databind') {
-      version {
-        require jackson_databind_version
-      }
-    }
+    implementation (group: 'com.fasterxml.jackson.core', name: 'jackson-databind')
     implementation group: 'org.apache.httpcomponents', name: 'httpclient'
     implementation group: 'org.apache.httpcomponents', name: 'httpcore'
     implementation group: 'org.apache.commons', name: 'commons-text'

diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml
@@ -26,6 +26,7 @@
         <cve>CVE-2013-7315</cve>
         <cve>CVE-2014-0054</cve>
         <cve>CVE-2022-22965</cve>
+        <cve>CVE-2022-22968</cve>
         <cve>CVE-2016-1000027</cve>
     </suppress>