finos
diff --git a/‎.github/workflows/cve-scanning.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/cve-scanning.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎RELEASE.md‎
Lines changed: 23 additions & 1 deletion b/‎RELEASE.md‎
Lines changed: 23 additions & 1 deletion
diff --git a/‎pom.xml‎
Lines changed: 11 additions & 11 deletions b/‎pom.xml‎
Lines changed: 11 additions & 11 deletions
@@ -17,7 +17,6 @@ on:
 
 jobs:
   depcheck:
-
     runs-on: ubuntu-latest
 
     steps:
@@ -26,7 +25,7 @@ jobs:
       with:
         run-tests: false
     - name: CVE scanning
-      uses: dependency-check/Dependency-Check_Action@1.1.0
+      uses: dependency-check/Dependency-Check_Action@main
       env:
         JAVA_HOME: /opt/jdk
       with:
@@ -38,6 +37,7 @@ jobs:
           --suppression allow-list.xml
           --failOnCVSS 7
           --disableOssIndex
+          --centralUrl https://central.sonatype.com/solrsearch/select # remove when https://search.maven.org/solrsearch/select is back online
     - name: Upload results
       uses: actions/upload-artifact@v4
       with:
 
@@ -1,4 +1,4 @@
-## Event Model - Empty Value Handling Updates
+# _Event Model - `empty` Value Handling Updates_
 
 *Background*
 
@@ -14,3 +14,25 @@ The following types have been updated:
 *Review Directions*
 
 Changes can be reviewed in PR: [#4235](https://github.com/finos/common-domain-model/pull/4235)
+
+# _Infrastructure - Dependency Update_
+
+_What is being released?_
+
+This release updates the `DSL` dependency, and third-party software libraries updated to comply with the “Common Vulnerabilities and Exposures” standard (CVE, https://www.cve.org/).
+
+Version updates include:
+- `DSL` `9.68.1` Duplicate name detection. See DSL release notes: [DSL 9.68.1](https://github.com/finos/rune-dsl/releases/tag/9.68.1)
+- `DSL` `9.69.0` Bug fix related to accessing enum values. See DSL release notes: [DSL 9.69.0](https://github.com/finos/rune-dsl/releases/tag/9.69.0)
+- `DSL` `9.69.1` Fixed issue to do with overriding `ruleReference` annotations with `empty`. See DSL release notes: [DSL 9.69.1](https://github.com/finos/rune-dsl/releases/tag/9.69.1)
+- `DSL` `9.70.0` Fixed validation null pointer. See DSL release notes: [DSL 9.70.0](https://github.com/finos/rune-dsl/releases/tag/9.70.0)
+
+No expectations are updated as part of this release.
+
+Third-party software library updates:
+- `npm/axios` upgraded from version 0.30.1 to 1.12.0, see [GHSA-4hjh-wcwx-xvwj](https://github.com/advisories/GHSA-4hjh-wcwx-xvwj) for further details
+- `npm/docusaurus` upgraded from version 2.4.1 to 3.8.1 to remove a transitive dependency on axios 0.7.0.
+
+_Review Directions_
+
+The changes can be reviewed in PR: [#4295](https://github.com/finos/common-domain-model/pull/4295)
@@ -81,9 +81,10 @@
         <java.enforced.version>[21,22)</java.enforced.version>
         <!-- release version is overridden in rosetta-source -->
         <maven.compiler.release>11</maven.compiler.release>
-        <rosetta.bundle.version>11.89.3</rosetta.bundle.version>
+
+        <rosetta.dsl.version>9.70.0</rosetta.dsl.version>
+        <rosetta.bundle.version>11.96.0</rosetta.bundle.version>
         <rosetta.code-gen.version>${rosetta.bundle.version}</rosetta.code-gen.version>
-        <rosetta.dsl.version>9.68.0</rosetta.dsl.version>
 
         <xtext.version>2.38.0</xtext.version>
         <guice.version>6.0.0</guice.version>
@@ -106,8 +107,8 @@
         <maven-dependency-plugin.version>3.6.1</maven-dependency-plugin.version>
         <maven-assembly-plugin.version>3.1.0</maven-assembly-plugin.version>
         <maven-compiler-plugin.version>3.8.0</maven-compiler-plugin.version>
-        <maven-failsafe-plugin.version>3.0.0-M5</maven-failsafe-plugin.version>
-        <maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
+        <maven-failsafe-plugin.version>3.5.4</maven-failsafe-plugin.version>
+        <maven-surefire-plugin.version>3.5.4</maven-surefire-plugin.version>
         <versions-maven-plugin.version>2.10.0</versions-maven-plugin.version>
         <maven-clean-plugin.version>3.1.0</maven-clean-plugin.version>
         <maven-resources-plugin.version>3.1.0</maven-resources-plugin.version>
@@ -177,13 +178,6 @@
         </profile>
     </profiles>
 
-    <dependencies>
-        <dependency>
-            <groupId>com.regnosys.rosetta</groupId>
-            <artifactId>com.regnosys.rosetta</artifactId>
-        </dependency>
-    </dependencies>
-
     <build>
         <pluginManagement>
             <plugins>
@@ -477,6 +471,11 @@
                 <artifactId>hamcrest</artifactId>
                 <version>${hamcrest.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.hamcrest</groupId>
+                <artifactId>hamcrest-core</artifactId>
+                <version>${hamcrest.version}</version>
+            </dependency>
             <!-- plugins START -->
             <dependency>
                 <groupId>com.regnosys.rosetta</groupId>
@@ -551,6 +550,7 @@
             <!-- plugins END -->
         </dependencies>
     </dependencyManagement>
+
     <repositories>
         <repository>
             <name>Central Portal Snapshots</name>