From 430c55a0db8eefd645264691dcf84ccbc62fc06c Mon Sep 17 00:00:00 2001
From: Trey Chadick <tchad@labkey.com>
Date: Wed, 28 May 2025 14:00:28 -0700
Subject: [PATCH 1/2] Suppress dependency check false-positives for mxparser
 (#1074)

---
 dependencyCheckSuppression.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index 6682f78b73..5f8f9d157b 100644
--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -185,4 +185,14 @@
         <packageUrl regex="true">^pkg:maven/org\.labkey\.api/labkey-client-api@.*$</packageUrl>
         <cve>CVE-2019-3913</cve>
     </suppress>
+
+    <!-- False positive - mxparser is not XStream -->
+    <suppress>
+        <notes><![CDATA[
+    file name: mxparser-1.2.2.jar
+    ]]></notes>
+        <packageUrl regex="true">^pkg:maven/io\.github\.x-stream/mxparser@.*$</packageUrl>
+        <cpe>cpe:/a:xstream:xstream</cpe>
+    </suppress>
+
 </suppressions>

From 9ab5164f6a56a3b1cf19ba5d4de7d6ef01d05da8 Mon Sep 17 00:00:00 2001
From: Trey Chadick <tchad@labkey.com>
Date: Mon, 2 Jun 2025 08:22:25 -0700
Subject: [PATCH 2/2] Update Apache-Commons BeanUtils to 1.11.0 (#1077)

---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index f708a5f695..d08eea9569 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -121,7 +121,7 @@ commonmarkVersion=0.24.0
 
 # the beanutils version is not the default version brought from commons-validator and/or commons-digester
 # in the :server:api module but is required for some of our code to compile
-commonsBeanutilsVersion=1.10.0
+commonsBeanutilsVersion=1.11.0
 commonsCodecVersion=1.17.1
 commonsCollections4Version=4.4
 commonsCollectionsVersion=3.2.2