From a2161c6ec9e465bc1610736adf349f1b2cb43a09 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 05:15:47 +0000
Subject: [PATCH 1/3] Bump org.apache.commons:commons-text from 1.13.1 to
 1.14.0

Bumps [org.apache.commons:commons-text](https://github.com/apache/commons-text) from 1.13.1 to 1.14.0.
- [Changelog](https://github.com/apache/commons-text/blob/master/RELEASE-NOTES.txt)
- [Commits](https://github.com/apache/commons-text/compare/rel/commons-text-1.13.1...rel/commons-text-1.14.0)

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-text
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 rdf-legacy/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rdf-legacy/pom.xml b/rdf-legacy/pom.xml
index ba9dd222f9f..e03c292c15c 100644
--- a/rdf-legacy/pom.xml
+++ b/rdf-legacy/pom.xml
@@ -17,7 +17,7 @@
     <maven.compiler.release>8</maven.compiler.release>
 
     <!-- version management -->
-    <commons.text.version>1.13.1</commons.text.version>
+    <commons.text.version>1.14.0</commons.text.version>
     <!-- do not advance to v4.x -->
     <legacy.rdf4j.version>3.7.7</legacy.rdf4j.version>
   </properties>

From 6b2e3a34c3b926e2bef4d5988cac27c26d62af7c Mon Sep 17 00:00:00 2001
From: Aaron Coburn <aaronc@inrupt.com>
Date: Mon, 25 Aug 2025 15:05:33 -0500
Subject: [PATCH 2/3] Adjust OWASP configuration

---
 build-tools/owasp/suppressions.xml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/build-tools/owasp/suppressions.xml b/build-tools/owasp/suppressions.xml
index cee3ddc4dcb..1ab819bc296 100644
--- a/build-tools/owasp/suppressions.xml
+++ b/build-tools/owasp/suppressions.xml
@@ -31,7 +31,7 @@
   </suppress>
 
   <!-- Suppressed vulnerabilities. These need monthly review. -->
-  <suppress until="2025-08-10Z">
+  <suppress until="2025-11-10Z">
     <notes><![CDATA[
         This vulnerability affects a transitive dependency of the test module but is not relevant
         for how it is used in the context of the Java Client Libraries.
@@ -39,7 +39,7 @@
     <packageUrl regex="true">^pkg:maven/net\.minidev/json-smart@.*$</packageUrl>
     <vulnerabilityName>CVE-2024-57699</vulnerabilityName>
   </suppress>
-  <suppress until="2025-08-10Z">
+  <suppress until="2025-11-10Z">
     <notes><![CDATA[
         This vulnerability affects a transitive dependency of the test module but is not relevant
         for how it is used in the context of the Java Client Libraries.
@@ -47,7 +47,7 @@
     <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.http2/http2-common@.*$</packageUrl>
     <cve>CVE-2024-6763</cve>
   </suppress>
-  <suppress until="2025-08-10Z">
+  <suppress until="2025-11-10Z">
     <notes><![CDATA[
         This vulnerability affects a transitive dependency of the test module but is not relevant
         for how it is used in the context of the Java Client Libraries.
@@ -55,4 +55,12 @@
     <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.http2/http2-common@.*$</packageUrl>
     <cve>CVE-2025-1948</cve>
   </suppress>
+  <suppress until="2025-11-10Z">
+    <notes><![CDATA[
+        This vulnerability affects a transitive dependency of the test module but is not relevant
+        for how it is used in the context of the Java Client Libraries.
+    ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.http2/http2-common@.*$</packageUrl>
+    <cve>CVE-2025-5115</cve>
+  </suppress>
 </suppressions>

From 558bb37efa0a1b31d00c03424179c5e46592624b Mon Sep 17 00:00:00 2001
From: Aaron Coburn <aaronc@inrupt.com>
Date: Mon, 25 Aug 2025 15:12:07 -0500
Subject: [PATCH 3/3] Update Spring dependencies

---
 spring/pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spring/pom.xml b/spring/pom.xml
index b311518730f..2ee7c6b753d 100644
--- a/spring/pom.xml
+++ b/spring/pom.xml
@@ -95,7 +95,7 @@
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-web</artifactId>
-      <version>6.2.8</version>
+      <version>6.2.10</version>
       <scope>provided</scope>
     </dependency>
   </dependencies>
@@ -107,7 +107,7 @@
         <jdk>[17,)</jdk>
       </activation>
       <properties>
-        <spring.security.version>6.5.2</spring.security.version>
+        <spring.security.version>6.5.3</spring.security.version>
       </properties>
     </profile>
   </profiles>