From 8fefa558c9ce2a3c8c6da6296a7c8988be9e4361 Mon Sep 17 00:00:00 2001
From: GarethLancaster <31533575+Gareth40342@users.noreply.github.com>
Date: Wed, 6 Nov 2024 15:52:17 +0000
Subject: [PATCH] Bump spring mvc and commons-io

---
 build.gradle                  | 4 ++--
 config/owasp/suppressions.xml | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 92d623f0..0f44e5b7 100644
--- a/build.gradle
+++ b/build.gradle
@@ -155,7 +155,7 @@ dependencies {
 
   implementation 'org.springframework:spring-expression:5.3.39'
   implementation 'org.springframework:spring-web:5.3.39'
-  implementation 'org.springframework:spring-webmvc:6.1.13'
+  implementation 'org.springframework:spring-webmvc:6.1.14'
 
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '4.0.2'
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-openfeign-core', version: '4.0.2'
@@ -165,7 +165,7 @@ dependencies {
   implementation group: 'com.sendgrid', name: 'sendgrid-java', version: '4.9.3'
   implementation group: 'com.github.hmcts', name: 'ccd-client', version: '4.9.1'
 
-  implementation group: 'commons-io', name: 'commons-io', version: '2.11.0'
+  implementation group: 'commons-io', name: 'commons-io', version: '2.17.0'
   implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0'
 
   implementation group: 'uk.gov.service.notify', name: 'notifications-java-client', version: '5.0.0-RELEASE'
diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
index a1ec2405..2489b051 100644
--- a/config/owasp/suppressions.xml
+++ b/config/owasp/suppressions.xml
@@ -27,5 +27,6 @@
     <cve>CVE-2023-5072</cve>
     <cve>CVE-2024-22262</cve>
     <cve>CVE-2024-34447</cve>
+    <cve>CVE-2024-38820</cve>
   </suppress>
 </suppressions>