Update ivy version to 2.5.2 (#619)

- Updates `org.apache.ivy:ivy` to version 2.5.2 to fix
CVE-2022-46751

- Adds 2 CVEs to trivyignore due to `debezium-supplier`
transitive dependencies.

.github/workflows/common.yml

@@ -56,6 +56,7 @@ jobs:
           ignore-unfixed: true
           severity: 'CRITICAL,HIGH'
           exit-code: 1
+          trivyignores: .trivyignore
       - name: 'Scanned'
         shell: bash
         run: echo "::info ::Scanned"

.trivyignore

@@ -1,2 +1,17 @@
+################################
+## From debezium-supplier
+################################
+CVE-2023-1428
+CVE-2023-32731
+
+################################
+# Snakeyaml 1.3.3
+# SCDF usage has been mitigated.
+################################
 CVE-2022-1471
-CVE-2016-1000027
+
+################################
+# Spring Web 5.3.x
+# SCDF not affected.
+################################
+CVE-2016-1000027

applications/processor/groovy-processor/pom.xml

@@ -14,10 +14,6 @@
         <relativePath>../../stream-applications-core/pom.xml</relativePath>
     </parent>
 
-    <properties>
-        <apache-ivy.version>2.5.1</apache-ivy.version>
-    </properties>
-
     <dependencies>
 
         <dependency>

applications/processor/script-processor/pom.xml

@@ -17,7 +17,6 @@
     <properties>
         <jruby-complete.version>9.3.9.0</jruby-complete.version>
         <jython-standalone.version>2.7.3</jython-standalone.version>
-        <apache-ivy.version>2.5.1</apache-ivy.version>
         <graalvm.version>22.3.0</graalvm.version>
     </properties>
 

scan-jar.sh

@@ -4,7 +4,6 @@ SCDIR=$(realpath $SCDIR)
 if [[ "$1" != *"-sources.jar" ]] && [[ "$1" != *"-javadoc.jar" ]]; then
     if [ "$TRIVY_UPLOAD" == "true" ]; then
       echo "Scanning:$1"
-      echo "trivy rootfs --format sarif -o \"$1.sarif\" \"$1\""
       trivy rootfs --exit-code 1 --format sarif -o "$1.sarif" "$1"
       if [ -f "$1.sarif" ]; then
         if [ -f $SCDIR/runs.sarif ]; then