update dependency scanner

.circleci/config.yml

@@ -54,7 +54,7 @@ jobs:
       - run:
           name: Scan dependencies
           command: |
-            cd $CIRCLE_WORKING_DIRECTORY && mvn -s .circleci.settings.xml clean dependency-check:aggregate
+            cd $CIRCLE_WORKING_DIRECTORY && mvn -s .circleci.settings.xml clean dependency-check:aggregate -DnvdApiKey="$nvdApiKey"
       - store_artifacts:
           path: $CIRCLE_WORKING_DIRECTORY/target/dependency-check-report.html
   test-and-deploy-full:

owasp_fp.xml

@@ -20,28 +20,32 @@
   -->
 
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-   <suppress>
-      <notes><![CDATA[
+    <suppress>
+        <notes><![CDATA[
       file name: opennlp-chunk-models-1.5.jar from edu.washington.cs.knowitall:opennlp-chunk-models:1.5
       ]]></notes>
-<!--      <packageUrl regex="true">^pkg:maven/edu\.washington\.cs\.knowitall/opennlp-postag-models@.*$</packageUrl>-->
-      <sha1>8aaad30ce180b30d5a43dc7bc896e7a6cb09c973</sha1>
-      <cve>CVE-2017-12620</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
+        <!--      <packageUrl regex="true">^pkg:maven/edu\.washington\.cs\.knowitall/opennlp-postag-models@.*$</packageUrl>-->
+        <sha1>8aaad30ce180b30d5a43dc7bc896e7a6cb09c973</sha1>
+        <cve>CVE-2017-12620</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
       file name: opennlp-postag-models-1.5.jar from edu.washington.cs.knowitall:opennlp-postag-models:1.5
       ]]></notes>
-<!--      <packageUrl regex="true">^pkg:maven/edu\.washington\.cs\.knowitall/opennlp-postag-models@.*$</packageUrl>-->
-      <sha1>f6d1b602dd918a59809344a0d2d952970b2e0cbf</sha1>
-      <cve>CVE-2017-12620</cve>
-   </suppress>
-   <suppress>
-      <notes><![CDATA[
+        <!--      <packageUrl regex="true">^pkg:maven/edu\.washington\.cs\.knowitall/opennlp-postag-models@.*$</packageUrl>-->
+        <sha1>f6d1b602dd918a59809344a0d2d952970b2e0cbf</sha1>
+        <cve>CVE-2017-12620</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
       file name: opennlp-tokenize-models-1.5.jar from edu.washington.cs.knowitall:opennlp-tokenize-models:1.5
       ]]></notes>
-<!--      <packageUrl regex="true">^pkg:maven/edu\.washington\.cs\.knowitall/opennlp-postag-models@.*$</packageUrl>-->
-      <sha1>6dad86c15c48ea7e6588bbb00fcf34199574b0a3</sha1>
-      <cve>CVE-2017-12620</cve>
-   </suppress>
+        <!--      <packageUrl regex="true">^pkg:maven/edu\.washington\.cs\.knowitall/opennlp-postag-models@.*$</packageUrl>-->
+        <sha1>6dad86c15c48ea7e6588bbb00fcf34199574b0a3</sha1>
+        <cve>CVE-2017-12620</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[Temporary suppression for CVE-2024-45772 (lucene-core 5.5).]]></notes>
+        <cve>CVE-2024-45772</cve>
+    </suppress>
 </suppressions>

pom.xml

@@ -131,7 +131,7 @@
         <!-- grpc related plugins check for updates if grpc is updated -->
         <kr.motd.maven.os-maven-plugin.version>1.7.1</kr.motd.maven.os-maven-plugin.version>
         <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
-        <dependency-check-maven.pluging.version>10.0.3</dependency-check-maven.pluging.version>
+        <dependency-check-maven.pluging.version>12.1.0</dependency-check-maven.pluging.version>
         <flatten.version>1.6.0</flatten.version>
         <sortpom-maven.plugin.version>3.2.1</sortpom-maven.plugin.version>
         <!-- Dependency Versions -->