Fix other false positives from dependency-check

kwin · joerghoh · commit 927efd5fcf85 · 2025-10-08T14:06:32.000+02:00
Update dependency-check to 12.1.6 to include dependency-check/DependencyCheck#7963.
diff --git a/parent/pom.xml b/parent/pom.xml
@@ -269,7 +269,7 @@ Bundle-Category: jackrabbit
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
-                    <version>12.1.0</version>
+                    <version>12.1.6</version>
                     <executions>
                         <execution>
                             <goals>
diff --git a/suppressions.xml b/suppressions.xml
@@ -82,7 +82,7 @@
        <notes><![CDATA[
        file name: jackrabbit-jcr-commons-2.20.17.jar with JNDI usage, not used in FileVault
        ]]></notes>
-       <packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/jackrabbit-jcr-commons@.*$</packageUrl>
-       <vulnerabilityName>CVE-2025-58782</vulnerabilityName>
+       <packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/jackrabbit-.*$</packageUrl>
+       <cve>CVE-2025-58782</cve>
     </suppress>
 </suppressions>
