diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index da8434c32b6..00c39c7c5f0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -186,10 +186,11 @@ jobs:
draft: false
body: |
### Changes
- - The maven plugin now includes pnpm and yarn lock files in the scan by default (#4753).
- - If a suppression rule is no longer used a log entry will be written (#4685).
- - Several bug fixes made and suppression rules added.
- - See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/47?closed=1).
+ - Add support for Bazel's pinned `maven_install.json` (#4772).
+ - Fixed bug preventing the use of custom report templates (#4800).
+ - Updated several dependencies including upgrades for dependencies with CVEs.
+ - Several bug fixes made and suppression rules were added.
+ - See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/48?closed=1).
- name: Upload CLI
id: upload-release-cli
diff --git a/ant/pom.xml b/ant/pom.xml
index a4d77d1ef94..6f694af4f40 100644
--- a/ant/pom.xml
+++ b/ant/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
org.owasp
dependency-check-parent
- 7.1.3-SNAPSHOT
+ 7.2.1-SNAPSHOT
dependency-check-ant
diff --git a/archetype/pom.xml b/archetype/pom.xml
index eeceba5affe..d06e1b29908 100644
--- a/archetype/pom.xml
+++ b/archetype/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
org.owasp
dependency-check-parent
- 7.1.3-SNAPSHOT
+ 7.2.1-SNAPSHOT
dependency-check-plugin
Dependency-Check Plugin Archetype
diff --git a/cli/pom.xml b/cli/pom.xml
index c185c5fd193..5ae7db0e316 100644
--- a/cli/pom.xml
+++ b/cli/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
org.owasp
dependency-check-parent
- 7.1.3-SNAPSHOT
+ 7.2.1-SNAPSHOT
dependency-check-cli
diff --git a/core/pom.xml b/core/pom.xml
index 46877193cf2..0fbc34ba9d3 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
org.owasp
dependency-check-parent
- 7.1.3-SNAPSHOT
+ 7.2.1-SNAPSHOT
dependency-check-core
@@ -268,10 +268,12 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
com.fasterxml.jackson.core
jackson-databind
+ ${jackson.version}
com.fasterxml.jackson.module
jackson-module-afterburner
+ ${jackson.version}
com.h3xstream.retirejs
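Review bot: The `${jackson.version}` lines added to jackson-databind and jackson-module-afterburner appear to pin a version that the jackson-bom import in the root pom.xml already manages, and nothing in the hunk records why the extra pin is needed. The XML markup is not visible in this rendering, so I am inferring that these are `<version>` elements. If the pin is deliberate, a short comment such as `<!-- pinned explicitly; keep in step with the jackson-bom import in the parent pom -->` would stop a later clean-up from removing it. Sharing one property between the BOM and the individual artifacts also assumes they always carry the same version string, which has not always held for Jackson security patch releases, so a databind-only fix may need a separate property. The same point applies to the jackson-databind line in utils/pom.xml and to the property and BOM change in the root pom.xml.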
diff --git a/core/src/main/resources/dependencycheck-base-suppression.xml b/core/src/main/resources/dependencycheck-base-suppression.xml
index 8600a016ffb..03fa310df14 100644
--- a/core/src/main/resources/dependencycheck-base-suppression.xml
+++ b/core/src/main/resources/dependencycheck-base-suppression.xml
@@ -1,5 +1,40 @@
+
+
+ ^pkg:maven/commons\-cli/commons\-cli@.*$
+ cpe:/a:spirit-project:spirit
+
+
+
+ ^pkg:maven/javax\.xml\.bind/jaxb\-api@.*$
+ cpe:/a:oracle:java_se
+
+
+
+ ^pkg:maven/joda\-time/joda\-time@.*$
+ cpe:/a:time_project:time
+
+
+
+ ^pkg:maven/javax\.ws\.rs/javax\.ws\.rs\-api@.*$
+ cpe:/a:oracle:web_services
+
+
+
+ ^pkg:maven/org\.sonatype\.ossindex/ossindex\-service\-api@.*$
+ cpe:/a:service_project:service
+
cpe:/a:oracle:projects
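Review bot: Each of the five added rules matches every version of its package (`@.*$`) and suppresses a whole CPE, so any later NVD entry matched through that CPE is hidden for everyone who uses the bundled base suppression file. That is correct only when the CPE belongs to a different product. The markup is stripped in this rendering, so I cannot tell whether each rule carries a note saying so. If they do not, I would add one per rule, for example `<notes>False positive: cpe:/a:spirit-project:spirit does not describe commons-cli</notes>` with the wording confirmed against the originating issue, so the reasoning can be re-checked later. The other changes in this file look like re-indentation only.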
-
- ^pkg:maven/org\.aspectj/aspectj.*@.*$
- cpe:/a:vmware:tools
+ ^pkg:maven/org\.aspectj/aspectj.*@.*$
+ cpe:/a:vmware:tools
-
- ^pkg:maven/org\.apache\.kafka/kafka-log4j-appender@.*$
- cpe:/a:apache:log4j
- cpe:/a:apache:kafka
+ ^pkg:maven/org\.apache\.kafka/kafka-log4j-appender@.*$
+ cpe:/a:apache:log4j
+ cpe:/a:apache:kafka
-
- ^pkg:maven/com\.lightbend\.akka\.management/akka-management-cluster-bootstrap_2\.13@.*$
- cpe:/a:akka:akka
+ ^pkg:maven/com\.lightbend\.akka\.management/akka-management-cluster-bootstrap_2\.13@.*$
+ cpe:/a:akka:akka
-
- ^pkg:maven/io\.netty/netty-tcnative-boringssl-static@.*$
- cpe:/a:chromium:chromium
+ ^pkg:maven/io\.netty/netty-tcnative-boringssl-static@.*$
+ cpe:/a:chromium:chromium
- ^pkg:maven/.*async.*@.*$
- cpe:/a:async_project:async
+ ^pkg:maven/.*async.*@.*$
+ cpe:/a:async_project:async
org.owasp
dependency-check-parent
- 7.1.3-SNAPSHOT
+ 7.2.1-SNAPSHOT
dependency-check-maven
maven-plugin
diff --git a/pom.xml b/pom.xml
index 49259389ecd..60a15eab96d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long
org.owasp
dependency-check-parent
- 7.1.3-SNAPSHOT
+ 7.2.1-SNAPSHOT
pom
@@ -165,7 +165,7 @@ Copyright (c) 2012 - Jeremy Long
2.4.21
1.13.1
3.0.3
-
+ 2.13.4
@@ -1096,7 +1096,7 @@ Copyright (c) 2012 - Jeremy Long
com.fasterxml.jackson
jackson-bom
- 2.13.4
+ ${jackson.version}
pom
import
diff --git a/utils/pom.xml b/utils/pom.xml
index c5e4b309826..9a9aa911993 100644
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
org.owasp
dependency-check-parent
- 7.1.3-SNAPSHOT
+ 7.2.1-SNAPSHOT
dependency-check-utils
@@ -52,6 +52,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
com.fasterxml.jackson.core
jackson-databind
+ ${jackson.version}
commons-codec