From 964f6a3fcc06671818d350731b5ea1f0df249a32 Mon Sep 17 00:00:00 2001 From: "Marvin \"Morphyum\" Schwabe" Date: Wed, 15 Mar 2023 11:48:32 +0100 Subject: [PATCH] Feat/springdocs upgrade (#15) * Migration to Springdoc 2 * Migration to Springdoc 2 * Explicit import of newer version of fileupload to fix CVE-2023-24998 * Added another h2 CVE suppression since still only used for testing * Added false positive for guava * Removed version since it's managed at parent * Moved version since it's managed at parent
---
feign/pom.xml | 6 ++++++ owasp/suppressions.xml | 6 ++++++ pom.xml | 9 +++++++-- spring-boot/pom.xml | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/feign/pom.xml b/feign/pom.xml
index 0eacc00..a42cf4e 100644
--- a/feign/pom.xml
+++ b/feign/pom.xml
@@ -27,9 +27,15 @@ org.springframework.cloud spring-cloud-starter-openfeign + io.github.openfeign feign-httpclient + + + commons-fileupload + commons-fileupload +
diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
index bb3e06e..dfa3c52 100644
--- a/owasp/suppressions.xml
+++ b/owasp/suppressions.xml
@@ -14,6 +14,7 @@ H2 is only used for testing, not production CVE-2022-45868 + CVE-2018-14335
@@ -21,4 +22,9 @@ CVE-2022-45688 + + False positive. guava version is higher than 30.0 and this CVE should not match + CVE-2020-8908 + +
diff --git a/pom.xml b/pom.xml
index 5e7c6c8..00bab8a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -80,8 +80,8 @@ org.springdoc - springdoc-openapi-ui - 1.6.14 + springdoc-openapi-starter-webmvc-ui + 2.0.4
@@ -117,6 +117,11 @@ 3.6.1 compile + + commons-fileupload + commons-fileupload + 1.5 +
diff --git a/spring-boot/pom.xml b/spring-boot/pom.xml
index dec0746..ad3f380 100644
--- a/spring-boot/pom.xml
+++ b/spring-boot/pom.xml
@@ -73,7 +73,7 @@ org.springdoc - springdoc-openapi-ui + springdoc-openapi-starter-webmvc-ui
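Review bot: Moving to commons-fileupload 1.5 (declared here for the `feign` module and pinned in the root `pom.xml` hunk at `@@ -117,6 +117,11 @@`) does not by itself close CVE-2023-24998, because the per-request part limit that 1.5 introduces, `FileUploadBase#setFileCountMax`, is off by default and has to be set by whatever code parses multipart requests. No such configuration is visible in this patch, so it is worth confirming whether any server-side upload path actually uses this library and, if so, setting the limit there rather than relying on the version bump to clear the scanner finding. If the library is only a transitive dependency of the Feign starter, pinning it once in the parent's `<dependencyManagement>` would avoid declaring it as a direct dependency of `feign`; the markup on this page is stripped, so which section the root entry sits in cannot be seen.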
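Review bot: The added `CVE-2018-14335` entry in `owasp/suppressions.xml` (hunk `@@ -14,6 +14,7 @@`) leans on the existing note "H2 is only used for testing, not production", but nothing in this patch shows that H2 is declared with `<scope>test</scope>` in every module, so the suppression would hide a real finding if H2 ever reached a runtime classpath. Consider an `until` date on the `<suppress>` element so the entry is re-reviewed periodically, and confirm the rule is narrowed with a `<packageUrl>` match for H2 only. The opening of the suppress element lies outside this hunk, so it may already be scoped that way.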
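Review bot: The justification in the new suppression note (hunk `@@ -21,4 +22,9 @@`), "guava version is higher than 30.0 and this CVE should not match", looks inaccurate: to my knowledge Guava 30.0 only deprecated `Files.createTempDir()`, and the behaviour behind CVE-2020-8908 was not changed until 32.0.0, so the scanner match is probably correct for 30.x and 31.x. A sounder basis would be upgrading Guava, or recording that the method is not called, for example `<notes>Files.createTempDir() is not used; remove this entry once Guava is at 32.0.0 or later</notes>`. The resolved Guava version is not visible in this patch, so this should be checked against the dependency tree.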