aktuelle Versionen der Bibliotheken

owasp-suppressions.xml

@@ -4,4 +4,8 @@
     <notes>According to the description of the vulnerability, only Spring up to version 5.3.16 is affected. But we use at least version 5.3.20.</notes>
     <cve>CVE-2016-1000027</cve>
   </suppress>
+  <suppress>
+    <notes>No YAML modifiable to the user is read.</notes>
+    <cve>CVE-2022-1471</cve>
+  </suppress>
 </suppressions>

pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>2.7.3</version>
+    <version>2.7.7</version>
     <relativePath />
   </parent>
   <groupId>de.landsh.opendata</groupId>
@@ -14,7 +14,7 @@
   <description>DCAT catalog proxy</description>
   <properties>
     <java.version>1.8</java.version>
-    <jena.version>4.6.1</jena.version>
+    <jena.version>4.7.0</jena.version>
   </properties>
   <dependencies>
     <dependency>
@@ -61,13 +61,13 @@
     <dependency>
       <groupId>org.mock-server</groupId>
       <artifactId>mockserver-netty</artifactId>
-      <version>5.14.0</version>
+      <version>5.15.0</version>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>org.mock-server</groupId>
       <artifactId>mockserver-client-java</artifactId>
-      <version>5.14.0</version>
+      <version>5.15.0</version>
       <scope>test</scope>
     </dependency>
   </dependencies>
@@ -155,7 +155,7 @@
       <plugin>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-maven</artifactId>
-        <version>7.1.0</version>
+        <version>7.4.4</version>
         <configuration>
           <suppressionFiles>
             <suppressionFile>owasp-suppressions.xml</suppressionFile>
@@ -172,6 +172,14 @@
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>versions-maven-plugin</artifactId>
+        <version>2.14.2</version>
+        <configuration>
+          <rulesUri>file:///${project.basedir}/rules.xml</rulesUri>
+        </configuration>
+      </plugin>
       <plugin>
         <groupId>com.github.spotbugs</groupId>
         <artifactId>spotbugs-maven-plugin</artifactId>

rules.xml

+<?xml version="1.0" encoding="utf-8"?>
+<ruleset xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" comparisonMethod="maven" xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
+  <ignoreVersions>
+    <!-- Ignore Alpha's, Beta's, release candidates and milestones -->
+    <ignoreVersion type="regex">(?i).*Alpha(?:-?\d+)?</ignoreVersion>
+    <ignoreVersion type="regex">(?i).*a(?:-?\d+)?</ignoreVersion>
+    <ignoreVersion type="regex">(?i).*Beta(?:-?\d+)?</ignoreVersion>
+    <ignoreVersion type="regex">(?i).*-B(?:-?\d+)?</ignoreVersion>
+    <ignoreVersion type="regex">(?i).*RC(?:-?\d+)?</ignoreVersion>
+    <ignoreVersion type="regex">(?i).*CR(?:-?\d+)?</ignoreVersion>
+    <ignoreVersion type="regex">(?i).*M(?:-?\d+)?</ignoreVersion>
+  </ignoreVersions>
+  <rules>
+    <rule groupId="org.springframework.boot" comparisonMethod="maven">
+      <ignoreVersions>
+        <ignoreVersion type="regex">3.*</ignoreVersion>
+      </ignoreVersions>
+    </rule>
+    <rule groupId="org.springframework.security" comparisonMethod="maven">
+      <ignoreVersions>
+        <ignoreVersion type="regex">6.*</ignoreVersion>
+      </ignoreVersions>
+    </rule>
+    <rule groupId="org.springframework.ws" comparisonMethod="maven">
+      <ignoreVersions>
+        <ignoreVersion type="regex">4.*</ignoreVersion>
+      </ignoreVersions>
+    </rule>
+    <rule groupId="org.apache.cxf" comparisonMethod="maven">
+      <ignoreVersions>
+        <ignoreVersion type="regex">4.*</ignoreVersion>
+      </ignoreVersions>
+    </rule>
+    <rule groupId="org.elasticsearch" comparisonMethod="maven">
+      <ignoreVersions>
+        <ignoreVersion type="regex">[78].*</ignoreVersion>
+      </ignoreVersions>
+    </rule>
+    <rule groupId="org.elasticsearch.client" comparisonMethod="maven">
+      <ignoreVersions>
+        <ignoreVersion type="regex">[78].*</ignoreVersion>
+      </ignoreVersions>
+    </rule>
+    <rule groupId="org.thymeleaf.extras" comparisonMethod="maven">
+      <ignoreVersions>
+        <ignoreVersion type="regex">3.1.*</ignoreVersion>
+      </ignoreVersions>
+    </rule>
+  </rules>
+</ruleset>