4.x: suppress GlassFish false positives (helidon-io#9338)

* Upgrade dependency check plugin
* Suppress Glassfish false positive

Author: barchetta

etc/dependency-check-suppression.xml

@@ -2,6 +2,22 @@
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 <!-- For information see https://jeremylong.github.io/DependencyCheck/general/suppression.html -->
 
+
+<!-- False Positive
+     This CVE is against the GlassFish application server, but is mistakenly being
+     identified in various org.glassfish artifacts
+https://github.com/jeremylong/DependencyCheck/issues/7021
+https://github.com/jeremylong/DependencyCheck/issues/7020
+https://github.com/jeremylong/DependencyCheck/issues/7019
+-->
+<suppress>
+   <notes><![CDATA[
+   file name: jakarta.el-4.0.2.jar
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/org\.glassfish.*/(jakarta\.el|jaxb-core|jaxb-runtime|osgi-resource-locator|txw2)@.*$</packageUrl>
+   <cve>CVE-2024-9329</cve>
+</suppress>
+
 <!-- This CVE is against the etcd server. We use the Java client
 -->
 <suppress>

pom.xml

@@ -135,7 +135,7 @@
         <version.plugin.source>3.0.1</version.plugin.source>
         <version.plugin.spotbugs>4.7.3.5</version.plugin.spotbugs>
         <version.plugin.findsecbugs>1.12.0</version.plugin.findsecbugs>
-        <version.plugin.dependency-check>10.0.3</version.plugin.dependency-check>
+        <version.plugin.dependency-check>10.0.4</version.plugin.dependency-check>
         <version.plugin.surefire>3.1.0</version.plugin.surefire>
         <version.plugin.toolchains>1.1</version.plugin.toolchains>
         <version.plugin.version-plugin>2.3</version.plugin.version-plugin>