Update dependency versions

Jonathan Knight · Jonathan Knight · commit bd2c931742e3 · 2025-09-09T09:45:02.000-05:00
(merge 15.1.1-0 -&gt; ce/15.1.1-0 118550)

[git-p4: depot-paths = "//dev/coherence-ce/release/coherence-ce-v15.1.1.0/": change = 118551]
diff --git a/prj/coherence-dependencies/pom.xml b/prj/coherence-dependencies/pom.xml
@@ -233,8 +233,8 @@
     <javax.cache.version>1.1.1</javax.cache.version>
     <javax.cache.tck.version>1.1.1</javax.cache.tck.version>
     <!-- NOTE: this version should ideally be in sync' with that used by Helidon -->
-    <jaxb-core.version>4.0.3</jaxb-core.version>
-    <jaxb-impl.version>4.0.3</jaxb-impl.version>
+    <jaxb-core.version>4.0.5</jaxb-core.version>
+    <jaxb-impl.version>4.0.5</jaxb-impl.version>
     <!-- NOTE: this version should ideally be in sync' with that used by Helidon
          This is not always possible if we need to bump versions for CVE's -->
     <jersey.version>3.1.10</jersey.version>
diff --git a/prj/etc/dependency-check-suppression.xml b/prj/etc/dependency-check-suppression.xml
@@ -523,9 +523,30 @@
     <cve>CVE-2022-33879</cve>
   </suppress>
 
-  <!-- Added for poi-ooxml-5.3.0.jar which is a 4th party dependency of
-  dev.langchain4j:langchain4j-document-parser-apache-tika:jar:1.0.0-beta2
-  used in examples -->
+    <!-- Added for bcpkix-jdk18on-1.78.1.jar which is a 4th party dependency of
+    Helidon which brings in an older version of Lanchain4J
+    -->
+    <suppress>
+      <notes><![CDATA[
+      file name: bcpkix-jdk18on-1.78.1.jar
+      ]]></notes>
+      <packageUrl regex="true">^pkg:maven/org\.bouncycastle/bcpkix-jdk18on@.*$</packageUrl>
+      <vulnerabilityName>CVE-2025-8916</vulnerabilityName>
+    </suppress>
+    <!-- Added for tika-core-3.0.0.jar which is a 4th party dependency of
+    Helidon which brings in an older version of Lanchain4J
+    -->
+    <suppress>
+      <notes><![CDATA[
+      file name: tika-core-3.0.0.jar
+      ]]></notes>
+      <packageUrl regex="true">^pkg:maven/org\.apache\.tika/tika-core@.*$</packageUrl>
+      <cve>CVE-2025-54988</cve>
+    </suppress>
+
+    <!-- Added for poi-ooxml-5.3.0.jar which is a 4th party dependency of
+    dev.langchain4j:langchain4j-document-parser-apache-tika:jar:1.0.0-beta2
+    used in examples -->
   <suppress>
     <notes><![CDATA[
     file name: poi-ooxml-5.3.0.jar
