Upgrading dependency check and suppress jquery upload

2025-02-21 01:15:08 +00:00 · 2021-01-04 15:20:36 +01:00 · 2021-01-04 15:20:36 +01:00 · ee45f7b29f
commit ee45f7b29f
parent cae70e823b
2 changed files with 10 additions and 1 deletions
--- a/archiva-modules/archiva-web/archiva-webapp/pom.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/pom.xml
@ -935,7 +935,7 @@
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
-        <version>5.3.2</version>
+        <version>6.0.4</version>
        <configuration>
          <skipProvidedScope>true</skipProvidedScope>
          <failBuildOnCVSS>8</failBuildOnCVSS>
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
@ -64,4 +64,13 @@
    <vulnerabilityName>CVE-2019-20444</vulnerabilityName>
  </suppress>

+
+  <suppress>
+    <notes><![CDATA[
+   file name: jquery-file-upload-9.10.1.jar is part of deprecated Web UI.
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.webjars/jquery\-file\-upload@.*$</packageUrl>
+    <cpe>cpe:/a:jquery_file_upload_project:jquery_file_upload</cpe>
+  </suppress>
+
 </suppressions>