Upgrade OWASP dependency plugin version. (#506)

* Upgrade OWASP dependency plugin version. * Upgrade SpringBoot to resolve a dependency vulnerability. * Suppress an old CVE. * Revert "Upgrade SpringBoot to resolve a dependency vulnerability." This reverts commit 44fb7ec.
hmcts · Oct 13, 2020 · c534d3c · c534d3c
1 parent b7a5cfa
commit c534d3c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/build.gradle b/build.gradle
@@ -4,7 +4,7 @@ plugins {
   id 'java'
   id 'jacoco'
   id 'io.spring.dependency-management' version '1.0.9.RELEASE' apply false
-  id 'org.owasp.dependencycheck' version '5.3.2.1'
+  id 'org.owasp.dependencycheck' version '6.0.2'
   id 'org.sonarqube' version '2.6.2'
   id 'org.springframework.boot' version '2.2.10.RELEASE' apply false
   id 'com.gorylenko.gradle-git-properties' version '1.4.21'

diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml
@@ -362,4 +362,11 @@
         <cve>CVE-2020-10518</cve>
         <cve>CVE-2020-10517</cve>
     </suppress>
+
+    <!-- This vulnerability exists since 2007 and has no fix as it is a design flaw. -->
+    <suppress>
+        <gav regex="true">^com\.nimbusds:oauth2-oidc-sdk:.*$</gav>
+        <cve>CVE-2007-1651</cve>
+        <cve>CVE-2007-1652</cve>
+    </suppress>
 </suppressions>