- Bump DependencyCheck, skip known CVE in plugin (#286)

Author: nwithan8

dependency-check-suppressions.xml

@@ -3,11 +3,16 @@
     <suppress>
         <!--
         Below vulnerabilities are from outdated Protocol Buffers which is the dependency of Error Prone.
-        This will not affect our code
+        This will not affect our code.
         -->
         <vulnerabilityName>CVE-2022-3171</vulnerabilityName>
         <vulnerabilityName>CVE-2022-3509</vulnerabilityName>
         <vulnerabilityName>CVE-2022-3510</vulnerabilityName>
         <vulnerabilityName>CVE-2023-2976</vulnerabilityName>
+        <!--
+        Vulnerability in the Dependency Check itself, used during testing.
+        Will not affect end-users.
+        Ref: https://github.com/jeremylong/DependencyCheck/issues/5943 -->
+        <vulnerabilityName>CVE-2023-4759</vulnerabilityName>
     </suppress>
 </suppressions>

pom.xml

@@ -329,7 +329,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>8.2.1</version>
+                <version>8.4.0</version>
                 <configuration>
                     <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
                     <failBuildOnCVSS>7</failBuildOnCVSS>