Add 'suppress until' config to temporarily suppress a vulnerability

[siladu]

In a situation where we know a dependency vulnerability fix is incoming, it would be nice to not have to remember to un-suppress it.

For example, CVE-2018-7489 is fixed: FasterXML/jackson-databind#1931
but awaiting release: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.5

Example

Proposed new config added to reenable warnings after specified date: <until>2018-04-01</until>

    <suppress>
        <notes><![CDATA[
   file name: jackson-databind-2.9.4.jar
   ]]></notes>
        <gav regex="true">^com\.fasterxml\.jackson\.core:jackson-databind:.*$</gav>
        <cve>CVE-2018-7489</cve>
        <until>2018-04-01</until>
    </suppress>

Similar to https://github.com/unruly/junit-rules/blob/master/README.md#ignore-tests-until-a-certain-date-or-datetime

[jeremylong]

Interesting idea - thanks for the suggestion. It may take us a while to get to this - but PRs are always welcome.

[aikebah]

@jeremylong I'm willing to give this a try.... I'll try to come up with a PR for this

[jeremylong]

Note - we still need to update the documentation on this feature. Regardless - Thanks for the PR!

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.