diff --git a/build.gradle b/build.gradle
index eee62192200..9df240a7433 100644
--- a/build.gradle
+++ b/build.gradle
@@ -39,6 +39,9 @@ plugins {
id 'org.nosphere.apache.rat' version "0.8.1"
id "io.swagger.core.v3.swagger-gradle-plugin" version "${swaggerVersion}"
+ // When updating the spotbugs gradle plugin, check if it already
+ // includes spotbugs version 4.7.4, in which case CVE-2022-42920 can
+ // be dropped from gradle/resources/dependencycheck-suppressions.xml
id "com.github.spotbugs" version '5.1.3' apply false
id 'org.scoverage' version '7.0.1' apply false
id 'com.github.johnrengelman.shadow' version '8.1.1' apply false
@@ -757,6 +760,7 @@ subprojects {
dependencyCheck {
suppressionFile = "$rootDir/gradle/resources/dependencycheck-suppressions.xml"
+ skipProjects = [ ":jmh-benchmarks", ":trogdor" ]
}
}
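Review bot: The added `skipProjects = [ ":jmh-benchmarks", ":trogdor" ]` removes two modules from the dependency-check scan without recording why, unlike the suppression reminders this commit adds elsewhere. Skipping a whole project hides every current and future finding in its dependency graph, not only the ones known today. It is worth confirming that neither module's dependencies end up in a released artifact. I would add a comment above the line such as `// not scanned: <reason>; revisit if these modules' dependencies are shipped in a release`. The enclosing `subprojects` block starts outside the hunk.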
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 5ea6aac47cb..9c1db35e6f4 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -93,6 +93,9 @@ versions += [
argparse4j: "0.7.0",
bcpkix: "1.75",
caffeine: "2.9.3", // 3.x supports JDK 11 and above
+ // when updating checkstyle, check whether the exclusion of
+ // CVE-2023-2976 and CVE-2020-8908 can be dropped from
+ // gradle/resources/dependencycheck-suppressions.xml
checkstyle: "8.36.2",
commonsCli: "1.4",
commonsValidator: "1.7",
diff --git a/gradle/resources/dependencycheck-suppressions.xml b/gradle/resources/dependencycheck-suppressions.xml
index d6a8110595b..2458e85ab2a 100644
--- a/gradle/resources/dependencycheck-suppressions.xml
+++ b/gradle/resources/dependencycheck-suppressions.xml
@@ -23,4 +23,31 @@
]]>
CVE-2023-35116
+
+
+ CVE-2022-42920
+
+
+
+ CVE-2020-8908
+ CVE-2023-2976
+
+
+
+ CVE-2023-36479
+
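Review bot: The new suppression for CVE-2023-36479 has no matching reminder in the build files, so nothing prompts its removal when the affected dependency is upgraded. By contrast, this commit adds a reminder for CVE-2022-42920 in build.gradle and for CVE-2020-8908 and CVE-2023-2976 in gradle/dependencies.gradle. The XML markup of the entries is not visible in this view, so I cannot confirm how they are scoped. Each `<suppress>` should carry a `packageUrl` (or equivalent) filter rather than match the CVE id alone; otherwise the same CVE stays hidden for any other artifact that later pulls it in. Consider an expiry on each entry, e.g. `<suppress until="YYYY-MM-DDZ">` with a date of your choosing, so the finding resurfaces even if the reminder comment is missed.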