From 7baf7061065b0aaf554b506db1ce3ee17efb9310 Mon Sep 17 00:00:00 2001
From: nikola-naydenov-hmcts
Date: Mon, 25 Apr 2022 13:23:31 +0100
Subject: [PATCH] SIDM-7509 Dependency check issues (#777)
Co-authored-by: Nikola Naydenov
---
 build.gradle | 19 ++++---------------
 dependency-check-suppressions.xml | 1 +
 2 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/build.gradle b/build.gradle
index 94c7e7736..f3ebf5d6d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -6,7 +6,7 @@ plugins {
 id 'io.spring.dependency-management' version '1.0.11.RELEASE' apply false
 id 'org.owasp.dependencycheck' version '6.5.3'
 id 'org.sonarqube' version '2.6.2'
- id 'org.springframework.boot' version '2.6.6' apply false
+ id 'org.springframework.boot' version '2.6.7' apply false
 id 'com.gorylenko.gradle-git-properties' version '1.4.21'
 id "info.solidsoft.pitest" version "1.6.0"
 id 'application'
@@ -33,9 +33,7 @@ allprojects {
 sourceCompatibility = 11
 targetCompatibility = 11
- def idamBomVersion = '2.8.18'
- def jackson_version = '2.13.2'
- def jackson_databind_version = '2.13.2.1'
+ def idamBomVersion = '2.8.21'
 configurations.all {
 exclude group: "org.glassfish", module: "jakarta.el"
@@ -87,7 +85,7 @@ allprojects {
 implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-client'
 implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-resource-server'
 implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis-reactive'
- implementation group: 'org.springframework.session', name: 'spring-session-data-redis', version: '2.2.4.RELEASE'
+ implementation group: 'org.springframework.session', name: 'spring-session-data-redis', version: '2.6.3'
 implementation group: 'org.yaml', name: 'snakeyaml'
 implementation group: 'io.github.openfeign', name: 'feign-jackson'
@@ -108,16 +106,7 @@ allprojects {
 implementation group: 'javax.servlet', name: 'jstl'
 implementation group: 'javax.json', name: 'javax.json-api'
- compile("com.fasterxml.jackson:jackson-bom") {
- version {
- strictly jackson_version
- }
- }
- implementation (group: 'com.fasterxml.jackson.core', name: 'jackson-databind') {
- version {
- require jackson_databind_version
- }
- }
+ implementation (group: 'com.fasterxml.jackson.core', name: 'jackson-databind')
 implementation group: 'org.apache.httpcomponents', name: 'httpclient'
 implementation group: 'org.apache.httpcomponents', name: 'httpcore'
 implementation group: 'org.apache.commons', name: 'commons-text'
diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml
index 09aa463d4..1a9e1e3d1 100644
--- a/dependency-check-suppressions.xml
+++ b/dependency-check-suppressions.xml
@@ -26,6 +26,7 @@
 CVE-2013-7315
 CVE-2014-0054
 CVE-2022-22965
+ CVE-2022-22968
 CVE-2016-1000027
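Review bot: In the build.gradle hunk at -108,16, the added `implementation (group: 'com.fasterxml.jackson.core', name: 'jackson-databind')` line no longer carries a version floor, so the jackson-databind that ships is whatever the dependency-management BOMs resolve to. The removed `strictly jackson_version` and `require jackson_databind_version` constraints were the only place in this file holding databind at 2.13.2.1, and nothing visible in the patch shows that the Spring Boot 2.6.7 and idam BOM 2.8.21 bumps supply at least that version. I would confirm the resolved version with Gradle's `dependencyInsight` task on the runtime classpath and record the expectation on the line, e.g. `// version managed by BOM; must stay >= 2.13.2.1 (previous explicit pin)`. The parentheses are a leftover of the closure form and can be dropped to match the neighbouring `implementation group:` lines; the enclosing `allprojects` block starts and ends outside the hunk.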
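Review bot: In the dependency-check-suppressions.xml hunk, the added CVE-2022-22968 entry is suppressed in the same commit that raises Spring Boot to 2.6.7 in build.gradle. If that upgrade is meant to remediate the finding, the suppression should not be needed, and it will keep hiding the CVE if an older affected artifact returns transitively. The enclosing suppress element and its attributes are not visible in this hunk, so whether the entry is scoped to one artifact or time-limited cannot be told from here. If a scanner false positive remains after the upgrade, I would give it its own block, `<suppress until="YYYY-MM-DDZ">` (placeholder date), with a `<notes>` line naming the artifact and the reason, rather than extending an open-ended list that also carries CVE-2022-22965.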