From 1bd6c6b626939e7a397f2a1e87e89885b51314d3 Mon Sep 17 00:00:00 2001
From: Nicolas Ayral Seydoux <nseydoux@inrupt.com>
Date: Mon, 25 Aug 2025 16:37:15 +0200
Subject: [PATCH 1/3] Extend OWASP suppressions by three months

This extends the OWASP suppressions that expired recently, to be checked
against in three months.
---
 build-tools/owasp/suppressions.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/build-tools/owasp/suppressions.xml b/build-tools/owasp/suppressions.xml
index bda4e87dfa..3bc2377094 100644
--- a/build-tools/owasp/suppressions.xml
+++ b/build-tools/owasp/suppressions.xml
@@ -38,7 +38,7 @@
   </suppress>
 
   <!-- Suppressed vulnerabilities. These need monthly review. -->
-  <suppress until="2025-08-10Z">
+  <suppress until="2025-11-10Z">
     <notes><![CDATA[
         This vulnerability affects a transitive dependency of the test module but is not relevant
         for how it is used in the context of the Java Client Libraries.
@@ -46,7 +46,7 @@
     <packageUrl regex="true">^pkg:maven/net\.minidev/json-smart@.*$</packageUrl>
     <vulnerabilityName>CVE-2024-57699</vulnerabilityName>
   </suppress>
-  <suppress until="2025-08-10Z">
+  <suppress until="2025-11-10Z">
     <notes><![CDATA[
         This vulnerability affects a transitive dependency of the test module but is not relevant
         for how it is used in the context of the Java Client Libraries.
@@ -54,7 +54,7 @@
     <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.http2/http2-common@.*$</packageUrl>
     <cve>CVE-2024-6763</cve>
   </suppress>
-  <suppress until="2025-08-10Z">
+  <suppress until="2025-11-10Z">
     <notes><![CDATA[
         This vulnerability affects a transitive dependency of the test module but is not relevant
         for how it is used in the context of the Java Client Libraries.

From 047bab6e15c1c457e602106af3ffe68cd5c20126 Mon Sep 17 00:00:00 2001
From: Nicolas Ayral Seydoux <nseydoux@inrupt.com>
Date: Mon, 25 Aug 2025 16:47:33 +0200
Subject: [PATCH 2/3] Add CVE-2025-5115 to suppressions

---
 build-tools/owasp/suppressions.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/build-tools/owasp/suppressions.xml b/build-tools/owasp/suppressions.xml
index 3bc2377094..8d01cf9d17 100644
--- a/build-tools/owasp/suppressions.xml
+++ b/build-tools/owasp/suppressions.xml
@@ -62,4 +62,12 @@
     <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.http2/http2-common@.*$</packageUrl>
     <cve>CVE-2025-1948</cve>
   </suppress>
+    <suppress until="2025-11-10Z">
+    <notes><![CDATA[
+        This vulnerability affects a transitive dependency of the test module but is not relevant
+        for how it is used in the context of the Java Client Libraries.
+    ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.http2/http2-common@.*$</packageUrl>
+    <cve>CVE-2025-5115</cve>
+  </suppress>
 </suppressions>

From ffdba1c6843ea4c43c6f6f6622b3d1b83ddb9d8e Mon Sep 17 00:00:00 2001
From: Aaron Coburn <aaronc@inrupt.com>
Date: Mon, 25 Aug 2025 12:43:35 -0500
Subject: [PATCH 3/3] Update spring dependencies

---
 spring/pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spring/pom.xml b/spring/pom.xml
index a5dc5b2a42..0e5f273869 100644
--- a/spring/pom.xml
+++ b/spring/pom.xml
@@ -95,7 +95,7 @@
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-web</artifactId>
-      <version>6.2.9</version>
+      <version>6.2.10</version>
       <scope>provided</scope>
     </dependency>
   </dependencies>
@@ -107,7 +107,7 @@
         <jdk>[17,)</jdk>
       </activation>
       <properties>
-        <spring.security.version>6.5.2</spring.security.version>
+        <spring.security.version>6.5.3</spring.security.version>
       </properties>
     </profile>
   </profiles>