From 3f90fef1540cfe1f728affa53bad00f8ad9dcc6f Mon Sep 17 00:00:00 2001
From: rishabh singh <rishabh.singh@imply.io>
Date: Mon, 21 Oct 2024 17:27:19 +0530
Subject: [PATCH] Fix cves

---
 licenses.yaml                           |  2 +-
 owasp-dependency-check-suppressions.xml | 20 +++++++++++++++++++-
 pom.xml                                 |  2 +-
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/licenses.yaml b/licenses.yaml
index a357b961643c..9accae39cc4f 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -2065,7 +2065,7 @@ name: Jetty
 license_category: binary
 module: java-core
 license_name: Apache License version 2.0
-version: 9.4.54.v20240208
+version: 9.4.56.v20240826
 libraries:
   - org.eclipse.jetty: jetty-client
   - org.eclipse.jetty: jetty-continuation
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index 1f461854f6a3..af6c791e5b90 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -649,10 +649,12 @@
   </suppress>
   <suppress>
     <notes><![CDATA[
-        FP per issue #6100 - CVE-2023-36052 since it is related to Azure-cli not to the azure-core libraries
+        FP per issue #6100 - CVE-2023-36052 since it is related to azure-cli not to the azure-core libraries
+        CVE-2024-43591 is also a FP as it affect azure-cli which is not used.
         ]]></notes>
     <packageUrl regex="true">^pkg:maven/com\.azure/azure*@*.*$</packageUrl>
     <cve>CVE-2023-36052</cve>
+    <cve>CVE-2024-43591</cve>
   </suppress>
   <suppress>
     <!-- CVE is for a totally unrelated Sketch mac app -->
@@ -746,4 +748,20 @@
     <vulnerabilityName>CVE-2024-45772</vulnerabilityName>
   </suppress>
 
+  <suppress>
+    <!-- -->
+    <notes><![CDATA[
+    file name: azure-core-1.48.0.jar
+    ]]></notes>
+    <vulnerabilityName>CVE-2024-43591</vulnerabilityName>
+  </suppress>
+
+  <suppress>
+    <!-- Not affected by this CVE since we donot use lucene directly-->
+    <notes><![CDATA[
+    file name: azure-identity-1.12.0.jar
+    ]]></notes>
+    <vulnerabilityName>CVE-2024-43591</vulnerabilityName>
+  </suppress>
+
 </suppressions>
diff --git a/pom.xml b/pom.xml
index e70542cdea64..5da66a05fe6f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,7 +98,7 @@
         <guava.version>32.0.1-jre</guava.version>
         <guice.version>4.1.0</guice.version>
         <hamcrest.version>1.3</hamcrest.version>
-        <jetty.version>9.4.54.v20240208</jetty.version>
+        <jetty.version>9.4.56.v20240826</jetty.version>
         <jersey.version>1.19.4</jersey.version>
         <jackson.version>2.12.7.20221012</jackson.version>
         <codehaus.jackson.version>1.9.13</codehaus.jackson.version>