Upgrading dependency check and suppress jquery upload

diff --git a/archiva-modules/archiva-web/archiva-webapp/pom.xml b/archiva-modules/archiva-web/archiva-webapp/pom.xml
index 1a73bb4205843c220c7042cb0c2eb980a8fb6449..6e869f701917c174f53c28b502425c795f957138 100644 (file)
--- a/archiva-modules/archiva-web/archiva-webapp/pom.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/pom.xml
@@ -935,7 +935,7 @@
       <plugin>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-maven</artifactId>
-        <version>5.3.2</version>
+        <version>6.0.4</version>
         <configuration>
           <skipProvidedScope>true</skipProvidedScope>
           <failBuildOnCVSS>8</failBuildOnCVSS>

diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
index 420e6a55e5988296d970961f1922ed09addc7141..2a3f08f775ca6ebd18697aa66ed49ef8671ce52c 100644 (file)
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
@@ -64,4 +64,13 @@
     <vulnerabilityName>CVE-2019-20444</vulnerabilityName>
   </suppress>
 
+
+  <suppress>
+    <notes><![CDATA[
+   file name: jquery-file-upload-9.10.1.jar is part of deprecated Web UI.
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.webjars/jquery\-file\-upload@.*$</packageUrl>
+    <cpe>cpe:/a:jquery_file_upload_project:jquery_file_upload</cpe>
+  </suppress>
+
 </suppressions>