update list of OWASP checks and upgrade spring boot

Motivation: Some reported vulnerabilities of the dependencies by OWASP make the pipeline broken. Modification: - upgrade spring boot starter parent version from 2.3.5.RELEASE to 2.3.12.RELEASE - update list of OWASP check and supress some false positive alarms Result: Build pipeline succeeds. Target: master

update list of OWASP checks and upgrade spring boot
Motivation: Some reported vulnerabilities of the dependencies by OWASP make the pipeline broken. Modification: - upgrade spring boot starter parent version from 2.3.5.RELEASE to 2.3.12.RELEASE - update list of OWASP check and supress some false positive alarms Result: Build pipeline succeeds. Target: master
b40ae6a0 · femiadeyemi · 96c990e3 · b40ae6a0 · b40ae6a0
Commit b40ae6a0 authored Jun 24, 2021 by femiadeyemi
--- a/dependency-check-suppressions.xml
+++ b/dependency-check-suppressions.xml
@@ -262,4 +262,46 @@
        <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-continuation@.*$</packageUrl>
        <cve>CVE-2019-17638</cve>
    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: accessors-smart-1.2.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/net\.minidev/accessors\-smart@.*$</packageUrl>
+        <cpe>cpe:/a:json-smart_project:json-smart-v1</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: accessors-smart-1.2.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/net\.minidev/accessors\-smart@.*$</packageUrl>
+        <cpe>cpe:/a:json_smart_project:json_smart</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: json-smart-2.3.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/net\.minidev/json\-smart@.*$</packageUrl>
+        <cve>CVE-2021-27568</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: spring-core-5.2.14.RELEASE.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl>
+        <cve>CVE-2021-22118</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: websocket-client-9.4.39.v20210325.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.websocket/websocket\-client@.*$</packageUrl>
+        <cve>CVE-2021-28169</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: websocket-server-9.4.39.v20210325.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.websocket/websocket\-server@.*$</packageUrl>
+        <cve>CVE-2021-28169</cve>
+    </suppress>
 </suppressions>
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.3.5.RELEASE</version>
+		<version>2.3.12.RELEASE</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
 	<groupId>de.helmholtz.marketplace</groupId>