Update dependencies and suppress CVEs

SelahattinSert · SelahattinSert · commit ebee12f83a0e · 2025-09-25T19:41:13.000+03:00
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
@@ -1,95 +1,42 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     <!-- azure-identity-1.13.1 -->
-    <!-- com.azure.spring:spring-cloud-azure-starter@5.15.0 -->
+    <!-- com.azure.spring:spring-cloud-azure-starter@5.18.0 -->
     <suppress>
         <cve>CVE-2023-36415</cve>
+    </suppress>
+    <suppress>
         <cve>CVE-2024-35255</cve>
     </suppress>
     <!-- commons-lang3-3.14.0.jar -->
     <!-- org.liquibase:liquibase-core@4.27.0 -->
     <suppress>
         <cve>CVE-2025-48924</cve>
     </suppress>
-    <!-- json-smart-2.5.1 -->
-    <!-- org.springframework.boot:spring-boot-starter-test@3.3.1 -->
-    <suppress>
-        <cve>CVE-2024-57699</cve>
-    </suppress>
-    <!-- logback-core-1.5.6 -->
-    <!-- org.springframework.boot:spring-boot-starter-logging@3.3.1 -->
-    <suppress>
-        <cve>CVE-2024-12798</cve>
-        <cve>CVE-2024-12801</cve>
-    </suppress>
-    <!-- msal4j-1.16.1 -->
-    <!-- com.azure.spring:spring-cloud-azure-starter@5.15.0 -->
-    <suppress>
-        <cve>CVE-2024-35255</cve>
-    </suppress>
     <!-- netty-transport-4.1.111.Final.jar -->
     <suppress>
         <cve>CVE-2025-55163</cve>
         <cve>CVE-2025-58056</cve>
         <cve>CVE-2025-58057</cve>
     </suppress>
-    <!-- netty-common-4.1.111.Final -->
-    <!-- com.azure:azure-storage-blob@12.27.1 -->
-    <suppress>
-        <cve>CVE-2024-47535</cve>
-    </suppress>
     <!-- netty-handler-4.1.111.Final -->
     <!-- com.azure:azure-storage-blob@12.27.1 -->
     <suppress>
         <cve>CVE-2025-24970</cve>
     </suppress>
-    <!-- nimbus-jose-jwt-9.37.3.jar (shaded: com.google.code.gson:gson:2.10.1) -->
-    <suppress>
-        <cve>CVE-2025-53864</cve>
-    </suppress>
-    <!-- reactor-netty-http-1.1.20.jar -->
-    <!-- com.azure:azure-storage-blob@12.27.1 -->
-    <suppress>
-        <cve>CVE-2025-22227</cve>
-    </suppress>
-    <!-- spring-cloud-azure-starter-storage-queue-5.15.0 -->
-    <!-- com.azure.spring:spring-cloud-azure-starter-storage@5.15.0 -->
+    <!-- spring-cloud-azure-starter-storage-queue-5.18.0 -->
+    <!-- com.azure.spring:spring-cloud-azure-starter-storage@5.18.0 -->
     <suppress>
         <cve>CVE-2022-30187</cve>
         <cve>CVE-2025-25193</cve>
     </suppress>
-    <!-- spring-context-6.1.10.jar -->
-    <!-- org.springframework.boot:spring-boot-starter-web@3.3.1 -->
-    <suppress>
-        <cve>CVE-2025-22233</cve>
-    </suppress>
-    <!-- spring-core-6.1.10 -->
-    <!-- org.springframework.boot:spring-boot-starter-test@3.3.1 -->
-    <suppress>
-        <cve>CVE-2024-38820</cve>
-        <cve>CVE-2025-41249</cve>
-        <cve>CVE-2025-41242</cve>
-    </suppress>
-    <!-- spring-web-6.1.10.jar -->
-    <!-- org.springframework.boot:spring-boot-starter-web@3.3.1 -->
-    <suppress>
-        <cve>CVE-2024-38809</cve>
-        <cve>CVE-2024-38820</cve>
-        <cve>CVE-2025-41234</cve>
-    </suppress>
-    <!-- spring-webmvc-6.1.10 -->
-    <!-- org.springframework.boot:spring-boot-starter-web@3.3.1 -->
-    <suppress>
-        <cve>CVE-2024-38816</cve>
-        <cve>CVE-2024-38820</cve>
-    </suppress>
     <!-- swagger-ui-5.17.14 (DOMPurify@3.1.4) -->
     <!-- org.springdoc:springdoc-openapi-starter-webmvc-ui@2.6.0 -->
     <suppress>
         <cve>CVE-2025-26791</cve>
     </suppress>
     <!-- tomcat-embed-core-10.1.25.jar -->
-    <!-- org.springframework.boot:spring-boot-starter-web@3.3.1 -->
+    <!-- org.springframework.boot:spring-boot-starter-web@3.3.8 -->
     <suppress>
         <cve>CVE-2024-50379</cve>
         <cve>CVE-2024-52316</cve>
@@ -107,8 +54,4 @@
         <cve>CVE-2025-55668</cve>
         <cve>CVE-2025-48989</cve>
     </suppress>
-    <!-- spring-boot-starter-actuator -->
-    <suppress>
-        <cve>CVE-2025-22235</cve>
-    </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.3.1</version>
+        <version>3.3.8</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>com.onboarding.camera</groupId>
@@ -16,7 +16,7 @@
 
     <properties>
         <java.version>21</java.version>
-        <spring-cloud-azure.version>5.15.0</spring-cloud-azure.version>
+        <spring-cloud-azure.version>5.18.0</spring-cloud-azure.version>
     </properties>
 
     <dependencies>
@@ -50,6 +50,7 @@
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
+            <version>1.18.38</version>
             <optional>true</optional>
         </dependency>
 
@@ -61,7 +62,6 @@
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-storage-blob</artifactId>
-            <version>12.27.1</version>
         </dependency>
 
         <dependency>
@@ -188,8 +188,9 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>12.1.0</version>
+                <version>12.1.5</version>
                 <configuration>
+                    <ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled>
                     <suppressionFile>${project.basedir}/owasp-suppressions.xml</suppressionFile>
                     <knownExploitedEnabled>false</knownExploitedEnabled>
                     <failBuildOnCVSS>0</failBuildOnCVSS>
