Merge pull request #303 from hmcts/CCD-1246-master

CCD-1246 CVE-2021-22112 (AAC Manage Case Assignment)

Author: MSancaktutar

build.gradle

@@ -273,10 +273,14 @@ dependencies {
   implementation group: 'uk.gov.hmcts.reform', name: 'idam-client', version: '1.5.5'
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-zuul', version: '2.2.3.RELEASE'
 
+  implementation "org.springframework.boot:spring-boot-starter-oauth2-client:2.3.8.RELEASE"
+  implementation "com.nimbusds:nimbus-jose-jwt:7.9"
+  implementation "net.minidev:json-smart:2.3"
   implementation "org.springframework.security:spring-security-web:5.4.5"
   implementation "org.springframework.security:spring-security-config:5.4.5"
   implementation "org.springframework.boot:spring-boot-starter-oauth2-client:2.4.5"
   implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server:2.4.5"
+
   implementation "io.github.openfeign:feign-httpclient:11.0"
   testCompile 'io.github.openfeign:feign-jackson:10.7.0'
   testCompile group: 'io.github.openfeign.form', name: 'feign-form', version: '3.8.0'

config/owasp/suppressions.xml

@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions
   xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+
   <suppress until="2021-06-25">
     <notes><![CDATA[
      It's a false positive - spring-security version is 5.3.x (see: https://pivotal.io/security/cve-2018-1258)
@@ -24,11 +25,5 @@
     <cve>CVE-2007-1651</cve>
     <cve>CVE-2007-1652</cve>
   </suppress>
-
-  <suppress>
-    <notes>Temporary suppression</notes>
-    <cve>CVE-2021-22112</cve>
-    <cve>CVE-2021-22118</cve>
-  </suppress>
-
+  
 </suppressions>