From 12dd8ce73a80cbabaa666a302c79b2428caaa6d0 Mon Sep 17 00:00:00 2001
From: Arvind Krishnakumar <arvind.krishnakumar@okta.com>
Date: Wed, 18 Jan 2023 11:53:03 -0600
Subject: [PATCH] address cves and bump testng

---
 pom.xml                         |  4 +++-
 src/owasp/owasp-suppression.xml | 11 +++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 662bf93..82f7131 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>com.okta</groupId>
         <artifactId>okta-parent</artifactId>
-        <version>25</version>
+        <version>26</version>
         <relativePath>../okta-java-parent</relativePath>
     </parent>
 
@@ -81,6 +81,7 @@
         <dependency>
             <groupId>org.testng</groupId>
             <artifactId>testng</artifactId>
+            <version>7.7.1</version>
             <scope>compile</scope>
             <exclusions>
                 <exclusion>
@@ -160,6 +161,7 @@
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
+                    <version>8.0.0</version>
                     <configuration>
                         <!-- no way to exclude some of these issues, and this is only a test lib -->
                         <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
diff --git a/src/owasp/owasp-suppression.xml b/src/owasp/owasp-suppression.xml
index f2dbe19..3a31ded 100644
--- a/src/owasp/owasp-suppression.xml
+++ b/src/owasp/owasp-suppression.xml
@@ -17,7 +17,7 @@
   ~ specific language governing permissions and limitations
   ~ under the License.
   -->
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 
     <suppress>
        <notes><![CDATA[file name: groovy-*.jar - wrong GAV match ]]></notes>
@@ -108,4 +108,11 @@
         <cpe>cpe:/a:processing:processing</cpe>
     </suppress>
 
-</suppressions>
\ No newline at end of file
+    <!-- See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in -->
+    <suppress>
+        <notes><![CDATA[Ignored since it is deemed "won't fix" by the library authors.]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml.*$</packageUrl>
+        <cve>CVE-2022-1471</cve>
+    </suppress>
+
+</suppressions>