From 29d5a8e03fb9a9beaf2a5f5509c17f5eeca9c21b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Apr 2026 18:20:45 +0000
Subject: [PATCH 1/3] Bump quarkus.version from 3.34.1 to 3.34.2

Bumps `quarkus.version` from 3.34.1 to 3.34.2.

Updates `io.quarkus.platform:quarkus-bom` from 3.34.1 to 3.34.2
- [Commits](https://github.com/quarkusio/quarkus-platform/compare/3.34.1...3.34.2)

Updates `io.quarkus.platform:quarkus-maven-plugin` from 3.34.1 to 3.34.2
- [Commits](https://github.com/quarkusio/quarkus-platform/compare/3.34.1...3.34.2)

---
updated-dependencies:
- dependency-name: io.quarkus.platform:quarkus-bom
  dependency-version: 3.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.quarkus.platform:quarkus-maven-plugin
  dependency-version: 3.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 examples/cli/pom.xml    | 2 +-
 examples/webapp/pom.xml | 2 +-
 pom.xml                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/examples/cli/pom.xml b/examples/cli/pom.xml
index fbbd15f82f..84ba113e5a 100644
--- a/examples/cli/pom.xml
+++ b/examples/cli/pom.xml
@@ -16,7 +16,7 @@
   </description>
 
   <properties>
-    <quarkus.version>3.34.1</quarkus.version>
+    <quarkus.version>3.34.2</quarkus.version>
   </properties>
 
   <dependencyManagement>
diff --git a/examples/webapp/pom.xml b/examples/webapp/pom.xml
index b98fc5987a..f2f66aed3c 100644
--- a/examples/webapp/pom.xml
+++ b/examples/webapp/pom.xml
@@ -16,7 +16,7 @@
   </description>
 
   <properties>
-    <quarkus.version>3.34.1</quarkus.version>
+    <quarkus.version>3.34.2</quarkus.version>
   </properties>
 
   <dependencyManagement>
diff --git a/pom.xml b/pom.xml
index 9fb6d0a9e7..472d9f8d8c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@
     <jose4j.version>0.9.6</jose4j.version>
     <json.bind.version>3.0.1</json.bind.version>
     <okhttp.version>5.3.2</okhttp.version>
-    <quarkus.version>3.34.1</quarkus.version>
+    <quarkus.version>3.34.2</quarkus.version>
     <rdf4j.version>5.2.2</rdf4j.version>
     <slf4j.version>2.0.17</slf4j.version>
     <spring.security.version>7.0.4</spring.security.version>

From 82a8c49592cc8ddcbdb0172e3f12322166c92fed Mon Sep 17 00:00:00 2001
From: Aaron Coburn <aaronc@inrupt.com>
Date: Mon, 6 Apr 2026 13:41:00 -0500
Subject: [PATCH 2/3] Remove owasp checking

---
 .github/workflows/ci-config.yml    | 31 ---------------
 .github/workflows/nvd-cache.yml    | 55 --------------------------
 build-tools/owasp/suppressions.xml | 41 -------------------
 examples/pom.xml                   |  8 ----
 pom.xml                            | 63 ------------------------------
 5 files changed, 198 deletions(-)
 delete mode 100644 .github/workflows/nvd-cache.yml
 delete mode 100644 build-tools/owasp/suppressions.xml

diff --git a/.github/workflows/ci-config.yml b/.github/workflows/ci-config.yml
index 3f0a498b66..be1a18bd42 100644
--- a/.github/workflows/ci-config.yml
+++ b/.github/workflows/ci-config.yml
@@ -97,37 +97,6 @@ jobs:
       - name: Build the code with Maven
         run: mvn -B -ntp verify -Pwebsite javadoc:javadoc
 
-  dependencies:
-    name: Dependency Check
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        java: [ 17 ]
-
-    steps:
-      - uses: actions/checkout@v6
-
-      - name: Set up JDK ${{ matrix.java }}
-        uses: actions/setup-java@v5
-        with:
-          distribution: 'temurin'
-          java-version: ${{ matrix.java }}
-          cache: 'maven'
-
-      - name: Generate Cache Name
-        shell: bash
-        run: echo "CACHE_NAME=$(date '+%y.%j')" >> $GITHUB_ENV
-
-      - name: Restore NVD data cache
-        uses: actions/cache@v5
-        with:
-          key: nvd-data-${{ env.CACHE_NAME }}
-          restore-keys: nvd-data-
-          path: ./data/cache
-
-      - name: Verify dependencies
-        run: mvn -B -ntp verify -Pdependencies -Dnvd.api.datafeed="file:${GITHUB_WORKSPACE}/data/cache/nvdcve-{0}.json.gz"
-
   sonar:
     name: Sonar Scan
     runs-on: ubuntu-latest
diff --git a/.github/workflows/nvd-cache.yml b/.github/workflows/nvd-cache.yml
deleted file mode 100644
index 2b0168a22e..0000000000
--- a/.github/workflows/nvd-cache.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-name: NVD Data Workflow Schedule
-
-on:
-  schedule:
-    - cron: '0 5 * * 1,2,3,4,5'
-  workflow_dispatch: { }
-
-jobs:
-  build:
-    name: Build and collect data
-    runs-on: ubuntu-latest
-    if: ${{ github.actor != 'dependabot[bot]' }}
-
-    steps:
-    - name: Checkout OVP repository
-      uses: actions/checkout@v6
-      with:
-        repository: jeremylong/Open-Vulnerability-Project
-        path: ovp
-        ref: v7.2.2
-
-    - name: Set up JDK 17
-      uses: actions/setup-java@v5
-      with:
-        distribution: 'temurin'
-        java-version: 17
-        cache: 'gradle'
-
-    - name: Build the OVP code with Gradle
-      working-directory: ./ovp
-      run: ./gradlew build -x test -x spotlessJavaCheck
-
-    - uses: actions/checkout@v6
-      with:
-        path: data
-
-    - name: Generate Cache Name
-      shell: bash
-      run: echo "CACHE_NAME=$(date '+%y.%j')" >> $GITHUB_ENV
-
-    - name: Rename artifact
-      run: find ./ovp/vulnz/build/libs -type f -regex './ovp/vulnz/build/libs/vulnz-[0-9].[0-9].[0-9].jar' -exec mv {} ./data/vulnz.jar ';'
-
-    - name: Generate data
-      working-directory: ./data
-      run: ./vulnz.jar cve --cache --directory ./cache --delay=10000 --maxRetry=20
-      env:
-        NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
-        JAVA_OPTS: "-Xmx4g"
-
-    - name: Cache NVD data
-      uses: actions/cache@v5
-      with:
-        key: nvd-data-${{ env.CACHE_NAME }}
-        path: ./data/cache
diff --git a/build-tools/owasp/suppressions.xml b/build-tools/owasp/suppressions.xml
deleted file mode 100644
index 8a9ab68820..0000000000
--- a/build-tools/owasp/suppressions.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-  <!-- False positive matches of non-dependencies. These do not need monthly review. -->
-  <suppress>
-    <notes><![CDATA[
-        This suppresses a false positive CPE match
-    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/com\.inrupt\.client/inrupt\-client\-openid@.*$</packageUrl>
-    <cpe>cpe:/a:openid:openid</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[
-        This suppresses a false positive CPE match
-    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.roaringbitmap/RoaringBitmap@.*$</packageUrl>
-    <cpe>cpe:/a:bitmap_project:bitmap</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[
-        This suppresses a false positive CVE match
-    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/com\.inrupt\.client/inrupt-client-webid@.*$</packageUrl>
-    <cve>CVE-2021-4236</cve>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[
-        The json-java artifact is not a dependency of this project.
-    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/(com\.inrupt\.client/inrupt\-client\-jsonb|com\.github\.jsonld\-java/jsonld\-java|net\.javacrumbs\.json\-unit/json\-unit\-core)@.*$</packageUrl>
-    <cve>CVE-2023-5072</cve>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[
-        The json-java artifact is not a dependency of this project.
-    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/(com\.inrupt\.client/inrupt\-client\-jsonb|com\.github\.jsonld\-java/jsonld\-java|net\.javacrumbs\.json\-unit/json\-unit\-core)@.*$</packageUrl>
-    <cve>CVE-2022-45688</cve>
-  </suppress>
-
-  <!-- Suppressed vulnerabilities. These need monthly review. -->
-</suppressions>
diff --git a/examples/pom.xml b/examples/pom.xml
index d387231683..dd2afae85c 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -23,14 +23,6 @@
 
   <build>
     <plugins>
-      <plugin>
-        <groupId>org.owasp</groupId>
-        <artifactId>dependency-check-maven</artifactId>
-        <version>${owasp.plugin.version}</version>
-        <configuration>
-          <skip>true</skip>
-        </configuration>
-      </plugin>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-deploy-plugin</artifactId>
diff --git a/pom.xml b/pom.xml
index 472d9f8d8c..39e96eff00 100644
--- a/pom.xml
+++ b/pom.xml
@@ -56,7 +56,6 @@
     <jar.plugin.version>3.5.0</jar.plugin.version>
     <javadoc.plugin.version>3.12.0</javadoc.plugin.version>
     <license.plugin.version>5.0.0</license.plugin.version>
-    <owasp.plugin.version>12.2.0</owasp.plugin.version>
     <projectinfo.plugin.version>3.9.0</projectinfo.plugin.version>
     <pmd.plugin.version>3.28.0</pmd.plugin.version>
     <site.plugin.version>3.21.0</site.plugin.version>
@@ -82,10 +81,7 @@
     <hamcrest.version>3.0</hamcrest.version>
 
     <!-- disable by default (enabled by profile in CI) -->
-    <dependency-check.skip>true</dependency-check.skip>
     <archetype.test.skip>true</archetype.test.skip>
-    <nvd.api.key />
-    <nvd.api.datafeed />
 
     <!-- sonar -->
     <sonar.coverage.jacoco.xmlReportPaths>${maven.multiModuleProjectDirectory}/reports/target/site/jacoco-merged/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
@@ -494,11 +490,6 @@
             </execution>
           </executions>
         </plugin>
-        <plugin>
-          <groupId>org.owasp</groupId>
-          <artifactId>dependency-check-maven</artifactId>
-          <version>${owasp.plugin.version}</version>
-        </plugin>
       </plugins>
     </pluginManagement>
 
@@ -599,31 +590,6 @@
           </execution>
         </executions>
       </plugin>
-      <plugin>
-        <groupId>org.owasp</groupId>
-        <artifactId>dependency-check-maven</artifactId>
-        <executions>
-          <execution>
-            <goals>
-              <goal>check</goal>
-            </goals>
-          </execution>
-        </executions>
-        <configuration>
-          <failBuildOnCVSS>7</failBuildOnCVSS>
-          <ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled>
-          <formats>
-            <format>HTML</format>
-            <format>JSON</format>
-            <format>CSV</format>
-          </formats>
-          <suppressionFile>
-              ./build-tools/owasp/suppressions.xml
-          </suppressionFile>
-          <nvdApiKey>${nvd.api.key}</nvdApiKey>
-          <nvdDatafeedUrl>${nvd.api.datafeed}</nvdDatafeedUrl>
-        </configuration>
-      </plugin>
       <plugin>
         <groupId>org.sonatype.central</groupId>
         <artifactId>central-publishing-maven-plugin</artifactId>
@@ -747,23 +713,6 @@
           </reportSet>
         </reportSets>
       </plugin>
-      <plugin>
-        <groupId>org.owasp</groupId>
-        <artifactId>dependency-check-maven</artifactId>
-        <version>${owasp.plugin.version}</version>
-        <reportSets>
-          <reportSet>
-            <reports>
-              <report>aggregate</report>
-            </reports>
-          </reportSet>
-        </reportSets>
-        <configuration>
-          <suppressionFiles>
-            <suppressionFile>./build-tools/owasp/suppressions.xml</suppressionFile>
-          </suppressionFiles>
-        </configuration>
-      </plugin>
     </plugins>
   </reporting>
 
@@ -827,18 +776,6 @@
         <archetype.test.skip>true</archetype.test.skip>
       </properties>
     </profile>
-    <profile>
-      <id>dependencies</id>
-      <properties>
-        <skipTests>true</skipTests>
-        <pmd.skip>true</pmd.skip>
-        <cpd.skip>true</cpd.skip>
-        <dependency-check.skip>false</dependency-check.skip>
-        <jacoco.skip>true</jacoco.skip>
-        <checkstyle.skip>true</checkstyle.skip>
-        <archetype.test.skip>true</archetype.test.skip>
-      </properties>
-    </profile>
   </profiles>
 
   <developers>

From 034eb29664119fc024bcf84a96ef75f600391abc Mon Sep 17 00:00:00 2001
From: Aaron Coburn <aaronc@inrupt.com>
Date: Mon, 6 Apr 2026 13:42:07 -0500
Subject: [PATCH 3/3] Remove owasp reference

---
 archetypes/pom.xml | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/archetypes/pom.xml b/archetypes/pom.xml
index 14d9a09050..f007a615a3 100644
--- a/archetypes/pom.xml
+++ b/archetypes/pom.xml
@@ -17,16 +17,4 @@
   <modules>
     <module>java</module>
   </modules>
-
-  <build>
-    <plugins>
-      <plugin>
-        <groupId>org.owasp</groupId>
-        <artifactId>dependency-check-maven</artifactId>
-        <configuration>
-          <skip>true</skip>
-        </configuration>
-      </plugin>
-    </plugins>
-  </build>
 </project>