Suppress CVE-2022-46337 and CVEs below score of 9 for the patch branch (#15524)

LakshSingla · web-flow · commit e76b87f08958 · 2023-12-08T23:36:33.000+05:30
Suppress CVE-2022-46337 and CVEs below score of 9 for the patch branch
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
@@ -847,4 +847,12 @@
     ]]></notes>
     <cve>CVE-2023-31582</cve>
   </suppress>
+
+  <!--
+  ~ CVE-2022-46337 applies to configurations using authentication for Derby and is not applicable to Druid. Also, Derby isn't a suggested
+  ~ metadata store for production clusters.
+  -->
+  <suppress>
+    <cve>CVE-2022-46337</cve>
+  </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -1630,7 +1630,7 @@
                 <artifactId>dependency-check-maven</artifactId>
                 <version>7.4.4</version>
                 <configuration>
-                    <failBuildOnCVSS>7</failBuildOnCVSS>
+                    <failBuildOnCVSS>9</failBuildOnCVSS>
                     <skipProvidedScope>true</skipProvidedScope>
                     <skipSystemScope>true</skipSystemScope>  <!-- avoid error when processing jdk.tools:jdk.tools:jar:1.8:system -->
                     <!-- For node analysis info, see https://github.com/jeremylong/DependencyCheck/issues/2482#issuecomment-603755623 -->
