Merge branch 'master' into RDCC-6421-renovate.json-update

hmcts · Mar 6, 2023 · 5e48e02 · 5e48e02
2 parents c935b9e + 8c98c2b
commit 5e48e02
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/build.gradle b/build.gradle
@@ -1,6 +1,6 @@
 buildscript {
   dependencies {
-    classpath("net.serenity-bdd:serenity-gradle-plugin:2.3.6")
+    classpath("net.serenity-bdd:serenity-gradle-plugin:2.4.34")
   }
 }
 plugins {
@@ -283,6 +283,10 @@ dependencyManagement {
       entry 'tomcat-embed-el'
       entry 'tomcat-embed-websocket'
     }
+    //CVE-2023-24998
+    dependencySet(group: 'commons-fileupload', version: '1.5') {
+      entry 'commons-fileupload'
+    }
     // CVE-2021-22060, CVE-2022-22965, CVE-2022-22950, CVE-2022-22971, CVE-2022-22968, CVE-2022-22970
     dependency(group: 'org.springframework', name: 'spring-corespring-core', version: '5.3.22') //remove this line after spring boot upgrade to 2.7.7 and spring frame work to 6.0
   }

diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
@@ -45,7 +45,6 @@
     <cve>CVE-2021-4235</cve>
     <cve>CVE-2022-3064</cve>
   </suppress>
-
   <suppress>
     <notes>CVE-2022-22978 suppression (false positive), because spring security already at (5.7.5) this is higher than the vulnerable versions
       (5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4)
@@ -65,5 +64,7 @@
     <cve>CVE-2022-31692</cve>
     <cve>CVE-2022-31690</cve>
   </suppress>
-
+  <suppress>
+    <cve>CVE-2022-45688</cve>
+  </suppress>
 </suppressions>