From 9f1479bfaffb7378369bf670b486a81152164a79 Mon Sep 17 00:00:00 2001
From: SrikarMannepalli
Date: Mon, 19 Jun 2023 11:17:14 +0530
Subject: [PATCH 1/2] refactor: update vulnerabilities
---
 .snyk | 10 ----------
 build.gradle.kts | 2 +-
 hypertrace-core-graphql | 2 +-
 hypertrace-graphql-service/build.gradle.kts | 4 ++--
 4 files changed, 4 insertions(+), 14 deletions(-)
 delete mode 100644 .snyk
diff --git a/.snyk b/.snyk
deleted file mode 100644
index f67d1c46..00000000
--- a/.snyk
+++ /dev/null
@@ -1,10 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.14.1
-# ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore:
- SNYK-JAVA-IONETTY-1042268:
- - '*':
- reason: No replacement available
- expires: 2022-10-31T00:00:00.000Z
-patch: {}
-
diff --git a/build.gradle.kts b/build.gradle.kts
index 718adb94..76454127 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -5,7 +5,7 @@ plugins {
 id("org.hypertrace.docker-java-application-plugin") version "0.9.5" apply false
 id("org.hypertrace.docker-publish-plugin") version "0.9.5" apply false
 id("org.hypertrace.code-style-plugin") version "1.1.2" apply false
- id("org.owasp.dependencycheck") version "8.1.2"
+ id("org.owasp.dependencycheck") version "8.2.1"
 }
 subprojects {
diff --git a/hypertrace-core-graphql b/hypertrace-core-graphql
index 3e90c7a0..eb6dc3ed 160000
--- a/hypertrace-core-graphql
+++ b/hypertrace-core-graphql
@@ -1 +1 @@
-Subproject commit 3e90c7a0f4343c8bbd6d4cf37b6de7719804aca7
+Subproject commit eb6dc3ed32c1b1f508a59f3e456a073ad20576ac
diff --git a/hypertrace-graphql-service/build.gradle.kts b/hypertrace-graphql-service/build.gradle.kts
index a9ad733f..d7017577 100644
--- a/hypertrace-graphql-service/build.gradle.kts
+++ b/hypertrace-graphql-service/build.gradle.kts
@@ -7,10 +7,10 @@ plugins { dependencies { implementation("com.typesafe:config") - implementation("org.hypertrace.core.serviceframework:platform-service-framework:0.1.50") + implementation("org.hypertrace.core.serviceframework:platform-service-framework:0.1.52") implementation("org.slf4j:slf4j-api") - implementation("org.hypertrace.core.serviceframework:platform-http-service-framework:0.1.50") + implementation("org.hypertrace.core.serviceframework:platform-http-service-framework:0.1.52") implementation("com.graphql-java-kickstart:graphql-java-servlet") implementation(project(":hypertrace-graphql-impl")) From a70b13a7e1894b78723017886b0469c188376aa6 Mon Sep 17 00:00:00 2001 From: SrikarMannepalli Date: Mon, 19 Jun 2023 11:28:36 +0530 Subject: [PATCH 2/2] add suppression --- owasp-suppressions.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml index 17a64b61..cf9edeaf 100644 --- a/owasp-suppressions.xml +++ b/owasp-suppressions.xml @@ -16,4 +16,11 @@ ^pkg:maven/io\.github\.graphql\-java/graphql\-java\-annotations@.*$ cpe:/a:graphql-java:graphql-java + + + ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$ + CVE-2023-35116 + \ No newline at end of file
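Review bot: The new entry in owasp-suppressions.xml silences CVE-2023-35116 for every jackson-databind version, since the package pattern ends in `@.*$`, and nothing visible in the hunk bounds it in time. The XML markup is stripped in this rendering, so it may already be there, but if not the entry should carry an expiry and a rationale: `<suppress until="YYYY-MM-DDZ">` (placeholder date) plus a `<notes>` element recording why the finding does not apply to this service. An expiry forces a periodic re-check; the `.snyk` ignore deleted in patch 1/2 shows the risk, as its `expires` date of 2022-10-31 had long passed before it was cleaned up. Narrowing the version part of the pattern to the jackson-databind version actually resolved today would also stop the rule from hiding the finding after a future upgrade or downgrade.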