From 7b3483e792a0f5572171daa3a2a32f84dd03568f Mon Sep 17 00:00:00 2001
From: Aaron Coburn <aaronc@inrupt.com>
Date: Tue, 2 Sep 2025 12:04:05 -0500
Subject: [PATCH] Adjust OWSAP suppression configuration

---
 build-tools/owasp/suppressions.xml | 27 +++++++++------------------
 integration/base/pom.xml           |  7 ++++++-
 performance/base/pom.xml           |  2 +-
 pom.xml                            |  1 +
 spring/pom.xml                     |  2 +-
 test/pom.xml                       |  2 +-
 6 files changed, 19 insertions(+), 22 deletions(-)

diff --git a/build-tools/owasp/suppressions.xml b/build-tools/owasp/suppressions.xml
index cee3ddc4dcb..cb1e22fa847 100644
--- a/build-tools/owasp/suppressions.xml
+++ b/build-tools/owasp/suppressions.xml
@@ -31,28 +31,19 @@
   </suppress>
 
   <!-- Suppressed vulnerabilities. These need monthly review. -->
-  <suppress until="2025-08-10Z">
-    <notes><![CDATA[
-        This vulnerability affects a transitive dependency of the test module but is not relevant
-        for how it is used in the context of the Java Client Libraries.
-    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/net\.minidev/json-smart@.*$</packageUrl>
-    <vulnerabilityName>CVE-2024-57699</vulnerabilityName>
-  </suppress>
-  <suppress until="2025-08-10Z">
+  <suppress>
     <notes><![CDATA[
-        This vulnerability affects a transitive dependency of the test module but is not relevant
-        for how it is used in the context of the Java Client Libraries.
+        This vulnerability relates to database files used by the Fuseki server, which is not used in the Java Client libraries.
     ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.http2/http2-common@.*$</packageUrl>
-    <cve>CVE-2024-6763</cve>
+    <packageUrl regex="true">^pkg:maven/org\.apache\.jena/jena-.*@.*$</packageUrl>
+    <cve>CVE-2025-49656</cve>
   </suppress>
-  <suppress until="2025-08-10Z">
+  <suppress>
     <notes><![CDATA[
-        This vulnerability affects a transitive dependency of the test module but is not relevant
-        for how it is used in the context of the Java Client Libraries.
+        This vulnerability relates to file access paths when using Fuseki, which is not used in the Java Client libraries.
     ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.http2/http2-common@.*$</packageUrl>
-    <cve>CVE-2025-1948</cve>
+    <packageUrl regex="true">^pkg:maven/org\.apache\.jena/jena-.*@.*$</packageUrl>
+    <cve>CVE-2025-50151</cve>
   </suppress>
+
 </suppressions>
diff --git a/integration/base/pom.xml b/integration/base/pom.xml
index 90a2c42262a..ec492da7b41 100644
--- a/integration/base/pom.xml
+++ b/integration/base/pom.xml
@@ -107,10 +107,15 @@
         </dependency>
         <dependency>
             <groupId>org.wiremock</groupId>
-            <artifactId>wiremock</artifactId>
+            <artifactId>wiremock-standalone</artifactId>
             <version>${wiremock.version}</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest</artifactId>
+            <version>${hamcrest.version}</version>
+        </dependency>
 
         <!-- test dependencies -->
         <dependency>
diff --git a/performance/base/pom.xml b/performance/base/pom.xml
index b4ca476cccf..47b933ea783 100644
--- a/performance/base/pom.xml
+++ b/performance/base/pom.xml
@@ -107,7 +107,7 @@
         </dependency>
         <dependency>
             <groupId>org.wiremock</groupId>
-            <artifactId>wiremock</artifactId>
+            <artifactId>wiremock-standalone</artifactId>
             <version>${wiremock.version}</version>
             <scope>provided</scope>
         </dependency>
diff --git a/pom.xml b/pom.xml
index 2bd1d2eadc1..0c1359339e6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -79,6 +79,7 @@
     <smallrye.config.version>3.13.2</smallrye.config.version>
     <yasson.version>3.0.4</yasson.version>
     <wiremock.version>3.13.1</wiremock.version>
+    <hamcrest.version>3.0</hamcrest.version>
 
     <!-- disable by default (enabled by profile in CI) -->
     <dependency-check.skip>true</dependency-check.skip>
diff --git a/spring/pom.xml b/spring/pom.xml
index 0c72026d3f7..d856dbbc55d 100644
--- a/spring/pom.xml
+++ b/spring/pom.xml
@@ -107,7 +107,7 @@
         <jdk>[17,)</jdk>
       </activation>
       <properties>
-        <spring.security.version>6.5.1</spring.security.version>
+        <spring.security.version>6.5.3</spring.security.version>
       </properties>
     </profile>
   </profiles>
diff --git a/test/pom.xml b/test/pom.xml
index 0ea2bd99024..b81ea8d23a8 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -39,7 +39,7 @@
     </dependency>
     <dependency>
       <groupId>org.wiremock</groupId>
-      <artifactId>wiremock</artifactId>
+      <artifactId>wiremock-standalone</artifactId>
       <version>${wiremock.version}</version>
       <scope>provided</scope>
     </dependency>