DPO-1916 DependencyCheckin löydösten läpikäynti

owasp-suppressions.xml

@@ -5,28 +5,28 @@
         Temporary suppressions, check and update these periodically
     -->
 
-    <suppress until="2024-11-01">
+    <!-- From spring-cloud-starter-aws-secrets-manager-config -->
+    <suppress until="2024-12-01">
         <notes><![CDATA[file name: ion-java-1.0.2.jar]]></notes>
         <packageUrl regex="true">^pkg:maven/software\.amazon\.ion/ion\-java@.*$</packageUrl>
         <!-- we're not using ion-java -->
         <cve>CVE-2024-21634</cve>
     </suppress>
-
-    <suppress until="2024-11-01">
+    <!-- From dice-fairlink -->
+    <suppress until="2024-12-01">
         <notes><![CDATA[file name: aws-java-sdk-rds-1.11.251.jar]]></notes>
         <packageUrl regex="true">^pkg:maven/com\.amazonaws/aws\-java\-sdk\-rds@.*$</packageUrl>
         <!-- We are not using S3 -->
         <cve>CVE-2022-31159</cve>
     </suppress>
-
-    <suppress until="2024-11-01">
+    <!-- From dice-fairlink -->
+    <suppress until="2024-12-01">
         <notes><![CDATA[file name: jmespath-java-1.11.251.jar]]></notes>
         <packageUrl regex="true">^pkg:maven/com\.amazonaws/jmespath\-java@.*$</packageUrl>
         <!-- We are not using S3 -->
         <cve>CVE-2022-31159</cve>
     </suppress>
 
-
     <!--
         Permanent suppressions
     -->

pom.xml

@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.3.3</version>
+        <version>3.3.5</version>
         <relativePath/>
     </parent>
 
@@ -170,6 +170,12 @@
             <version>3.17.0</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-collections4</artifactId>
+            <version>4.4</version>
+        </dependency>
+
         <dependency>
             <groupId>io.swagger.core.v3</groupId>
             <artifactId>swagger-annotations</artifactId>