diff --git a/.config/owasp-suppressions.xml b/.config/owasp-suppressions.xml
index 4f117ce003..d77ddac247 100644
--- a/.config/owasp-suppressions.xml
+++ b/.config/owasp-suppressions.xml
@@ -1,26 +1,5 @@
-
-
- org\.jetbrains\.kotlin:.*
- CVE-2022-24329
-
-
-
- com\.google\.guava:guava.*
- CVE-2020-8908
-
-
-
- com\.google\.guava:guava.*
- CVE-2023-2976
-
org\.eclipse\.jetty\.toolchain:jetty\-jakarta\-websocket\-api.*
.*
+
+
+ ^pkg:maven/org\.graalvm\.sdk/graal\-sdk@.*$
+ CVE-2023-22006
+
\ No newline at end of file
diff --git a/DEPENDENCIES b/DEPENDENCIES
index 60f4003ef5..23338023a7 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -278,40 +278,24 @@ maven/mavencentral/org.eclipse.edc/validator-spi/0.1.3, Apache-2.0, approved, te
maven/mavencentral/org.eclipse.edc/web-spi/0.1.3, Apache-2.0, approved, technology.edc
maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-servlet-api/5.0.2, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-websocket-api/2.0.0, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.tractusx.irs/irs-api/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
@@ -346,12 +330,8 @@ maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.2, EPL-
maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
maven/mavencentral/org.glassfish/jakarta.json/2.0.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp
maven/mavencentral/org.graalvm.js/js/21.2.0, UPL-1.0 AND (MPL-2.0 AND LicenseRef-MIT-style) AND (BSD-3-Clause AND UPL-1.0) AND (GPL-2.0-only WITH Classpath-exception-2.0 AND UPL-1.0) AND (UPL-1.0 AND LicenseRef-Permission-Notice), approved, #10176
-maven/mavencentral/org.graalvm.polyglot/polyglot/23.1.0, UPL-1.0, approved, #10918
maven/mavencentral/org.graalvm.regex/regex/21.2.0, UPL-1.0 AND (Unicode-TOU AND UPL-1.0), approved, #10181
-maven/mavencentral/org.graalvm.sdk/collections/23.1.0, UPL-1.0, approved, #10920
-maven/mavencentral/org.graalvm.sdk/graal-sdk/23.1.0, UPL-1.0, approved, #10914
-maven/mavencentral/org.graalvm.sdk/nativeimage/23.1.0, UPL-1.0, approved, #10921
-maven/mavencentral/org.graalvm.sdk/word/23.1.0, UPL-1.0, approved, #10917
+maven/mavencentral/org.graalvm.sdk/graal-sdk/21.2.0, UPL-1.0, approved, clearlydefined
maven/mavencentral/org.graalvm.truffle/truffle-api/21.2.0, UPL-1.0, approved, #10219
maven/mavencentral/org.hamcrest/hamcrest-core/2.2, BSD-3-Clause, approved, clearlydefined
maven/mavencentral/org.hamcrest/hamcrest/2.2, BSD-3-Clause, approved, clearlydefined
@@ -403,6 +383,7 @@ maven/mavencentral/org.opentest4j/opentest4j/1.2.0, Apache-2.0, approved, clearl
maven/mavencentral/org.ow2.asm/asm-commons/9.5, BSD-3-Clause, approved, #7553
maven/mavencentral/org.ow2.asm/asm-tree/9.5, BSD-3-Clause, approved, #7555
maven/mavencentral/org.ow2.asm/asm/9.3, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/org.ow2.asm/asm/9.5, BSD-3-Clause, approved, #7554
maven/mavencentral/org.projectlombok/lombok/1.18.30, MIT AND LicenseRef-Public-Domain, approved, CQ23907
maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined
maven/mavencentral/org.scala-lang.modules/scala-java8-compat_2.13/1.0.0, Apache-2.0, approved, clearlydefined
@@ -465,7 +446,6 @@ maven/mavencentral/org.typelevel/spire-macros_2.13/0.17.0, MIT, approved, clearl
maven/mavencentral/org.unbescape/unbescape/1.1.6.RELEASE, Apache-2.0, approved, CQ18904
maven/mavencentral/org.webjars/swagger-ui/5.2.0, Apache-2.0, approved, #10221
maven/mavencentral/org.wiremock/wiremock-standalone/3.2.0, MIT AND Apache-2.0, approved, #10919
-maven/mavencentral/org.xerial.snappy/snappy-java/1.1.10.1, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #9098
maven/mavencentral/org.xerial.snappy/snappy-java/1.1.10.5, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #9098
maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272
maven/mavencentral/org.yaml/snakeyaml/1.33, Apache-2.0, approved, clearlydefined
diff --git a/irs-api/pom.xml b/irs-api/pom.xml
index 7033434d67..9c546a88f4 100644
--- a/irs-api/pom.xml
+++ b/irs-api/pom.xml
@@ -45,19 +45,10 @@
io.minio
minio
- ${minio.version}
-
-
- org.bouncycastle
- bcprov-jdk15on
-
-
-
org.xerial.snappy
snappy-java
- 1.1.10.5
com.squareup.okhttp3
@@ -170,16 +161,12 @@
+
org.jsoup
jsoup
${jsoup.version}
-
- org.graalvm.sdk
- graal-sdk
- ${graal-sdk.version}
-
org.eclipse.tractusx.irs
diff --git a/irs-common/pom.xml b/irs-common/pom.xml
index 2c9ea7fe49..1473cbe828 100644
--- a/irs-common/pom.xml
+++ b/irs-common/pom.xml
@@ -60,17 +60,10 @@
io.minio
minio
- ${minio.version}
-
-
- com.fasterxml.jackson.core
- jackson-databind
-
-
- org.bouncycastle
- bcprov-jdk15on
-
-
+
+
+ org.xerial.snappy
+ snappy-java
com.squareup.okio
diff --git a/irs-edc-client/pom.xml b/irs-edc-client/pom.xml
index 665605bcd7..640da1a559 100644
--- a/irs-edc-client/pom.xml
+++ b/irs-edc-client/pom.xml
@@ -133,23 +133,14 @@
org.eclipse.edc
- jetty-xml
- org.eclipse.jetty
-
-
- jetty-http
- org.eclipse.jetty
+ websocket-jakarta-server
+ org.eclipse.jetty.websocket
- jetty-http
- org.eclipse.jetty
- 11.0.16
-
-
- jetty-xml
- org.eclipse.jetty
+ org.eclipse.jetty.websocket
+ websocket-jakarta-server
11.0.16
diff --git a/irs-policy-store/pom.xml b/irs-policy-store/pom.xml
index 7b124de253..cafb6ea7bf 100644
--- a/irs-policy-store/pom.xml
+++ b/irs-policy-store/pom.xml
@@ -37,17 +37,10 @@
io.minio
minio
- ${minio.version}
-
-
- com.fasterxml.jackson.core
- jackson-databind
-
-
- org.bouncycastle
- bcprov-jdk15on
-
-
+
+
+ org.xerial.snappy
+ snappy-java
org.springframework.boot
diff --git a/pom.xml b/pom.xml
index a6320a3c1c..e9e209dce3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,6 +89,7 @@
3.3.0
3.1.0
0.0.1-SNAPSHOT
+ 1.1.10.5
@@ -98,6 +99,27 @@
micrometer-registry-prometheus
${micrometer.version}
+
+ io.minio
+ minio
+ ${minio.version}
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+
+
+ snappy-java
+ org.xerial.snappy
+
+
+
+
+
+ org.xerial.snappy
+ snappy-java
+ ${snappy-java.version}
+