Feat/springdocs upgrade (#15)

* Migration to Springdoc 2

* Migration to Springdoc 2

* Explicit import of newer version of fileupload to fix CVE-2023-24998

* Added another h2 CVE suppression since still only used for testing

* Added false positive for guava

* Removed version since it's managed at parent

* Moved version since it's managed at parent

Author: Morphyum

feign/pom.xml

@@ -27,9 +27,15 @@
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-openfeign</artifactId>
         </dependency>
+
         <dependency>
             <groupId>io.github.openfeign</groupId>
             <artifactId>feign-httpclient</artifactId>
         </dependency>
+        <!-- To satisfy CVE-2023-24998 happening in openfeign -->
+        <dependency>
+            <groupId>commons-fileupload</groupId>
+            <artifactId>commons-fileupload</artifactId>
+        </dependency>
     </dependencies>
 </project>

owasp/suppressions.xml

@@ -14,11 +14,17 @@
     <suppress>
         <notes>H2 is only used for testing, not production</notes>
         <cve>CVE-2022-45868</cve>
+        <cve>CVE-2018-14335</cve>
     </suppress>
 
     <suppress>
         <notes>False positive. CVE is matching for hutools. OWASP Check matches for json-lib</notes>
         <cve>CVE-2022-45688</cve>
     </suppress>
 
+    <suppress>
+        <notes>False positive. guava version is higher than 30.0 and this CVE should not match</notes>
+        <cve>CVE-2020-8908</cve>
+    </suppress>
+
 </suppressions>

pom.xml

@@ -80,8 +80,8 @@
             </dependency>
             <dependency>
                 <groupId>org.springdoc</groupId>
-                <artifactId>springdoc-openapi-ui</artifactId>
-                <version>1.6.14</version>
+                <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+                <version>2.0.4</version>
             </dependency>
 
 
@@ -117,6 +117,11 @@
                 <version>3.6.1</version>
                 <scope>compile</scope>
             </dependency>
+            <dependency>
+                <groupId>commons-fileupload</groupId>
+                <artifactId>commons-fileupload</artifactId>
+                <version>1.5</version>
+            </dependency>
 
 
             <!-- JJWT -->

spring-boot/pom.xml

@@ -73,7 +73,7 @@
         <!-- Documentation -->
         <dependency>
             <groupId>org.springdoc</groupId>
-            <artifactId>springdoc-openapi-ui</artifactId>
+            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
         </dependency>
 
         <!-- Test -->