From 4d57324b58386b8dfc8611a03ff8e4ac74865d4e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Oct 2024 08:52:07 +0200
Subject: [PATCH] Bump org.owasp:dependency-check-maven from 10.0.4 to 11.0.0
 (#184)

* Bump org.owasp:dependency-check-maven from 10.0.4 to 11.0.0

Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 10.0.4 to 11.0.0.
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases)
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jeremylong/DependencyCheck/compare/v10.0.4...v11.0.0)

---
updated-dependencies:
- dependency-name: org.owasp:dependency-check-maven
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fixes CVE-2024-38819

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Jacoby <michael.jacoby@iosb.fraunhofer.de>
---
 core/pom.xml | 11 +++++++++++
 pom.xml      |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/core/pom.xml b/core/pom.xml
index 4b40e47..31372ab 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -25,6 +25,12 @@
             <artifactId>spring-web</artifactId>
             <version>${spring.web.version}</version>
         </dependency>
+        <!-- Fixes CVE-2024-38819. Can be removed once org.springframework.boot:spring-boot-starter-web >= 3.3.5 is used -->
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+            <version>${spring.web.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
@@ -45,6 +51,11 @@
                     <groupId>org.yaml</groupId>
                     <artifactId>snakeyaml</artifactId>
                 </exclusion>
+                <!-- Fixes CVE-2024-38819. Can be removed once org.springframework.boot:spring-boot-starter-web >= 3.3.5 is used -->
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-webmvc</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/pom.xml b/pom.xml
index 3d61371..9df61da 100644
--- a/pom.xml
+++ b/pom.xml
@@ -82,7 +82,7 @@
         <maven.plugin.jar.version>3.4.2</maven.plugin.jar.version>
         <maven.plugin.javadoc.version>3.10.1</maven.plugin.javadoc.version>
         <maven.plugin.nexus-staging.version>1.7.0</maven.plugin.nexus-staging.version>
-        <maven.plugin.owasp.version>10.0.4</maven.plugin.owasp.version>
+        <maven.plugin.owasp.version>11.0.0</maven.plugin.owasp.version>
         <maven.plugin.picocli.version>4.7.6</maven.plugin.picocli.version>
         <maven.plugin.shade.version>3.6.0</maven.plugin.shade.version>
         <maven.plugin.source.version>3.3.1</maven.plugin.source.version>