From ae1e3822747389c0f0e9c3899fdd402b4db97447 Mon Sep 17 00:00:00 2001
From: Gordon Grund <gordon.grund@t-systems.com>
Date: Thu, 15 Jun 2023 11:30:27 +0200
Subject: [PATCH 1/3] update dependencies

---
 .gitignore                                    |  1 +
 pom.xml                                       | 20 +++++++++----------
 .../ec/dgc/DgcLibAutoConfiguration.java       |  1 -
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.gitignore b/.gitignore
index 6f2dcc0..1af24cc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,3 +41,4 @@ build/
 /tools/*
 !/tools/*.bat
 !/tools/*.sh
+pom.xml.versionsBackup
diff --git a/pom.xml b/pom.xml
index 9270a25..126c52a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
@@ -30,17 +29,18 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <!-- dependencies -->
+
         <owasp.version>8.0.2</owasp.version>
-        <bcpkix.version>1.72</bcpkix.version>
-        <lombok.version>1.18.24</lombok.version>
-        <mapstruct.version>1.5.3.Final</mapstruct.version>
-        <commonsio.version>2.11.0</commonsio.version>
+        <bcpkix.version>1.74</bcpkix.version>
+        <lombok.version>1.18.28</lombok.version>
+        <mapstruct.version>1.5.5.Final</mapstruct.version>
+        <commonsio.version>2.13.0</commonsio.version>
         <cbor.version>4.5.2</cbor.version>
-        <mockwebserver.version>4.10.0</mockwebserver.version>
-        <plugin.checkstyle.version>3.2.1</plugin.checkstyle.version>
+        <mockwebserver.version>5.0.0-alpha.11</mockwebserver.version>
+        <plugin.checkstyle.version>3.3.0</plugin.checkstyle.version>
         <plugin.sonar.version>3.9.1.2184</plugin.sonar.version>
-        <plugin.surefire.version>3.0.0-M8</plugin.surefire.version>
-        <plugin.jacoco.version>0.8.8</plugin.jacoco.version>
+        <plugin.surefire.version>3.1.2</plugin.surefire.version>
+        <plugin.jacoco.version>0.8.10</plugin.jacoco.version>
 
         <!-- license -->
         <license.projectName>EU Digital Green Certificate Gateway Service / dgc-lib</license.projectName>
diff --git a/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java b/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java
index 605ea32..f410a36 100644
--- a/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java
+++ b/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java
@@ -23,7 +23,6 @@
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
 
 @AutoConfiguration
 @ComponentScan("eu.europa.ec.dgc")

From 6d7cf0dff00012f34c8a30f4b01495b799c725c4 Mon Sep 17 00:00:00 2001
From: Gordon Grund <gordon.grund@t-systems.com>
Date: Mon, 19 Jun 2023 11:45:36 +0200
Subject: [PATCH 2/3] update pom

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 126c52a..e60a8b3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springframework.cloud</groupId>
         <artifactId>spring-cloud-starter-parent</artifactId>
-        <version>2022.0.1</version>
+        <version>2022.0.3</version>
         <relativePath/>
     </parent>
 

From 25bf7bd4e51e8260e3274251bbd4c8fd1c9af7ae Mon Sep 17 00:00:00 2001
From: Felix Dittrich <Felix.Dittrich@t-systems.com>
Date: Mon, 19 Jun 2023 12:07:03 +0200
Subject: [PATCH 3/3] Update Jackson

---
 owasp/suppressions.xml |  8 ++++++++
 pom.xml                | 23 +++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
index 3fd8b02..5ff56ad 100644
--- a/owasp/suppressions.xml
+++ b/owasp/suppressions.xml
@@ -4,4 +4,12 @@
     <notes>no YAML content from users is parsed within this service</notes>
     <cve>CVE-2022-1471</cve>
   </suppress>
+  <suppress>
+    <notes>False positive</notes>
+    <cve>CVE-2022-45688</cve>
+  </suppress>
+  <suppress>
+    <notes>No fix available, still analyzed</notes>
+    <cve>CVE-2023-35116</cve>
+  </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
index e60a8b3..77878df 100644
--- a/pom.xml
+++ b/pom.xml
@@ -87,6 +87,17 @@
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-openfeign</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-fileupload</groupId>
+                    <artifactId>commons-fileupload</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-fileupload</groupId>
+            <artifactId>commons-fileupload</artifactId>
+            <version>1.5</version>
         </dependency>
         <dependency>
             <groupId>io.github.openfeign</groupId>
@@ -120,10 +131,22 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
+            <version>2.15.2</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <version>2.15.2</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>
             <artifactId>jackson-datatype-jsr310</artifactId>
+            <version>2.15.2</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <version>2.15.2</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>