refactor: update vulnerabilities (#186)

SrikarMannepalli · web-flow · commit a3c26d3325b0 · 2023-06-19T11:38:15.000+05:30
* refactor: update vulnerabilities

* add suppression
diff --git a/.snyk b/.snyk
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -5,7 +5,7 @@ plugins {
   id("org.hypertrace.docker-java-application-plugin") version "0.9.5" apply false
   id("org.hypertrace.docker-publish-plugin") version "0.9.5" apply false
   id("org.hypertrace.code-style-plugin") version "1.1.2" apply false
-  id("org.owasp.dependencycheck") version "8.1.2"
+  id("org.owasp.dependencycheck") version "8.2.1"
 }
 
 subprojects {
diff --git a/hypertrace-core-graphql b/hypertrace-core-graphql
@@ -1 +1 @@
-Subproject commit 3e90c7a0f4343c8bbd6d4cf37b6de7719804aca7
+Subproject commit eb6dc3ed32c1b1f508a59f3e456a073ad20576ac
diff --git a/hypertrace-graphql-service/build.gradle.kts b/hypertrace-graphql-service/build.gradle.kts
@@ -7,10 +7,10 @@ plugins {
 
 dependencies {
   implementation("com.typesafe:config")
-  implementation("org.hypertrace.core.serviceframework:platform-service-framework:0.1.50")
+  implementation("org.hypertrace.core.serviceframework:platform-service-framework:0.1.52")
   implementation("org.slf4j:slf4j-api")
 
-  implementation("org.hypertrace.core.serviceframework:platform-http-service-framework:0.1.50")
+  implementation("org.hypertrace.core.serviceframework:platform-http-service-framework:0.1.52")
 
   implementation("com.graphql-java-kickstart:graphql-java-servlet")
   implementation(project(":hypertrace-graphql-impl"))
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
@@ -16,4 +16,11 @@
     <packageUrl regex="true">^pkg:maven/io\.github\.graphql\-java/graphql\-java\-annotations@.*$</packageUrl>
     <cpe>cpe:/a:graphql-java:graphql-java</cpe>
   </suppress>
+  <suppress until="2023-06-29Z">
+    <notes><![CDATA[
+   file name: jackson-databind-2.15.2.jar
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+    <cve>CVE-2023-35116</cve>
+  </suppress>
 </suppressions> 

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ plugins {`
`5`	`5`	`id("org.hypertrace.docker-java-application-plugin") version "0.9.5" apply false`
`6`	`6`	`id("org.hypertrace.docker-publish-plugin") version "0.9.5" apply false`
`7`	`7`	`id("org.hypertrace.code-style-plugin") version "1.1.2" apply false`
`8`		`- id("org.owasp.dependencycheck") version "8.1.2"`
	`8`	`+ id("org.owasp.dependencycheck") version "8.2.1"`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`subprojects {`