add CVE suppressions for the lateset spring version (this CVE has not been fixed yet)

zeitlinger · zeitlinger · commit e7a8dc746d6a · 2022-10-13T15:59:14.000+02:00
diff --git a/cve-suppressions.xml b/cve-suppressions.xml
@@ -1,4 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
-
+    <suppress>
+        <filePath regex="true">spring-.*-5\.3\.23\.jar</filePath>
+        <cve>CVE-2016-1000027</cve>
+    </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -63,7 +63,7 @@
         <maven.compiler.target>11</maven.compiler.target>
         <spring.version>5.3.23</spring.version>
         <postgresql.version>42.5.0</postgresql.version>
-        <dependency-check-maven.version>6.3.1</dependency-check-maven.version>
+        <dependency-check-maven.version>7.2.1</dependency-check-maven.version>
     </properties>
 
     <dependencies>
