address cves and bump testng

pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <groupId>com.okta</groupId>
         <artifactId>okta-parent</artifactId>
-        <version>25</version>
+        <version>26</version>
         <relativePath>../okta-java-parent</relativePath>
     </parent>
 
@@ -81,6 +81,7 @@
         <dependency>
             <groupId>org.testng</groupId>
             <artifactId>testng</artifactId>
+            <version>7.7.1</version>
             <scope>compile</scope>
             <exclusions>
                 <exclusion>
@@ -160,6 +161,7 @@
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
+                    <version>8.0.0</version>
                     <configuration>
                         <!-- no way to exclude some of these issues, and this is only a test lib -->
                         <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>

src/owasp/owasp-suppression.xml

@@ -17,7 +17,7 @@
   ~ specific language governing permissions and limitations
   ~ under the License.
   -->
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 
     <suppress>
        <notes><![CDATA[file name: groovy-*.jar - wrong GAV match ]]></notes>
@@ -108,4 +108,11 @@
         <cpe>cpe:/a:processing:processing</cpe>
     </suppress>
 
-</suppressions>
+    <!-- See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in -->
+    <suppress>
+        <notes><![CDATA[Ignored since it is deemed "won't fix" by the library authors.]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml.*$</packageUrl>
+        <cve>CVE-2022-1471</cve>
+    </suppress>
+
+</suppressions>