forked from openrewrite/rewrite
-
Notifications
You must be signed in to change notification settings - Fork 0
/
suppressions.xml
50 lines (50 loc) · 1.94 KB
/
suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress until="2024-12-12">
<notes><![CDATA[
file name: okio-jvm-2.8.0.jar
sev: HIGH
reason: pinned while awaiting 5.x release
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@.*$</packageUrl>
<cve>CVE-2023-3635</cve>
</suppress>
<suppress until="2025-01-02Z">
<notes><![CDATA[
file name: develocity-gradle-plugin-3.17.6.jar: junit-platform-engine-1.10.3.jar
sev: CRITICAL
reason: not applicable to the project
]]></notes>
<cve>CVE-2023-45161</cve>
<cve>CVE-2023-45163</cve>
<cve>CVE-2023-5964</cve>
</suppress>
<suppress until="2025-01-02Z">
<notes><![CDATA[
file name: gradle-enterprise-gradle-plugin-3.17.6.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.gradle/gradle-enterprise-gradle-plugin@.*$</packageUrl>
<cve>CVE-2019-11402</cve>
<cve>CVE-2019-11403</cve>
<cve>CVE-2021-41589</cve>
<cve>CVE-2023-49238</cve>
<cve>CVE-2022-25364</cve>
<cve>CVE-2020-15773</cve>
<cve>CVE-2020-15767</cve>
</suppress>
<suppress until="2024-12-12">
<notes><![CDATA[
file name: javax.json-1.1.4.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/javax\.json@.*$</packageUrl>
<vulnerabilityName>CVE-2023-7272</vulnerabilityName>
</suppress>
<suppress until="2025-03-20">
<notes><![CDATA[
file name: javax.json-1.1.4.jar
reason: Used in antlr (4.11.1) code generation only. Not on the runtime classpath
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/javax\.json@.*$</packageUrl>
<vulnerabilityName>CVE-2023-7272</vulnerabilityName>
</suppress>
</suppressions>