From 580860dfb2efab3aace39dd828499160bb07ab8c Mon Sep 17 00:00:00 2001 From: ian Date: Thu, 20 Feb 2025 15:40:09 -0800 Subject: [PATCH 1/2] Bump dependency checker --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index f1db888c3b..b752bc297e 100644 --- a/gradle.properties +++ b/gradle.properties @@ -60,7 +60,7 @@ windowsProteomicsBinariesVersion=1.0 artifactoryPluginVersion=5.2.5 gradleNodePluginVersion=7.1.0 gradlePluginsVersion=6.1.0 -owaspDependencyCheckPluginVersion=11.1.0 +owaspDependencyCheckPluginVersion=12.1.0 versioningPluginVersion=1.1.2 # Versions of node and npm to use during the build. If set, these versions From d35feea2b7a04f4414dbc19a83cb3234efc5af9a Mon Sep 17 00:00:00 2001 From: Adam Rauch Date: Fri, 21 Feb 2025 10:35:51 -0800 Subject: [PATCH 2/2] Suppress erroneous labkey-client-api "CVEs" --- dependencyCheckSuppression.xml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml index 3f5d0b287c..6682f78b73 100644 --- a/dependencyCheckSuppression.xml +++ b/dependencyCheckSuppression.xml @@ -160,4 +160,29 @@ ^pkg:maven/org\.apache\.tomcat/tomcat-catalina@.*$ CVE-2024-56337 + + + + + ^pkg:maven/org\.labkey\.api/labkey-client-api@.*$ + CVE-2019-3911 + + + + ^pkg:maven/org\.labkey\.api/labkey-client-api@.*$ + CVE-2019-3912 + + + + ^pkg:maven/org\.labkey\.api/labkey-client-api@.*$ + CVE-2019-3913 +