From 7744350e4dad617ca4930b2dd3bdb335e384bba2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 30 Aug 2023 09:28:47 +0200
Subject: [PATCH] Update dependency org.owasp:dependency-check-maven to v8
 (#963)

* Update dependency org.owasp:dependency-check-maven to v8

* add suppression for jackson dependency

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Benjamin Otto <benjamin.otto@style-systems.de>
---
 pom.xml          | 2 +-
 suppressions.xml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c4d1e9b0..2b9d73a6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -129,7 +129,7 @@
 			<plugin>
 				<groupId>org.owasp</groupId>
 				<artifactId>dependency-check-maven</artifactId>
-				<version>7.4.4</version>
+				<version>8.4.0</version>
 				<executions>
 					<execution>
 						<phase>verify</phase>
diff --git a/suppressions.xml b/suppressions.xml
index 695070c0..dd55ab6f 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -10,4 +10,8 @@
         <notes>We're not using XML here, and also there is no updated jackson-core yet, so that we cannot avoid the transitive dependency.</notes>
         <cve>CVE-2022-45688</cve>
     </suppress>
+    <suppress>
+        <notes>CVE is being considered by the community a false positive. See https://github.com/FasterXML/jackson-databind/issues/3972.</notes>
+        <cve>CVE-2023-35116</cve>
+    </suppress>
 </suppressions>