Update dependency-check plugin and exclude false positive

(cherry picked from commit ebcd0adf78)
2024-11-23 03:59:51 +00:00 · 2022-12-07 14:17:42 +01:00 · 2022-12-07 14:17:42 +01:00 · 8e902877a3
commit 8e902877a3
parent fd76c89393
2 changed files with 4 additions and 2 deletions
--- a/pom.xml
+++ b/pom.xml
@ -58,7 +58,7 @@

 		<!-- build-time dependencies -->
 		<jetbrains.annotations.version>23.0.0</jetbrains.annotations.version>
-		<dependency-check.version>7.2.1</dependency-check.version>
+		<dependency-check.version>7.4.0</dependency-check.version>
 		<jacoco.version>0.8.8</jacoco.version>
 	</properties>

--- a/suppression.xml
+++ b/suppression.xml
@ -35,13 +35,15 @@
 		<cve>CVE-2022-25366</cve>
 	</suppress>

+	<!-- Apache Commons-cli false positives below -->
 	<suppress>
 		<notes><![CDATA[
 			False positive for commons-cli due, see https://github.com/jeremylong/DependencyCheck/pull/4148
 		]]></notes>
 		<gav regex="true">^commons\-cli:commons\-cli:.*$</gav>
 		<cpe>cpe:/a:apache:james</cpe>
-		<!-- while we are at it exclude also this fp -->
+		<!-- while we are at it exclude also these fp -->
 		<cpe>cpe:/a:spirit-project:spirit</cpe>
+		<cpe>cpe:/a:apache:commons_net</cpe>
 	</suppress>
 </suppressions>