

Updating Suppressions (#923)
removing unnecessary suppressions
updating the until date for suppressions which still apply

Co-authored-by: Tim te Beek <tim@moderne.io>
lkerford and timtebeek authored Jan 3, 2025
1 parent d953978 commit e740c70
Showing 1 changed file with 2 additions and 74 deletions.
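--- a/suppressions.xml
+++ b/suppressions.xml
@@ -34,87 +34,15 @@
 <packageUrl regex="true">^pkg:maven/io\.micrometer\.prometheus/prometheus\-rsocket\-client@.*$</packageUrl>
 <cve>CVE-2019-3826</cve>
 </suppress>
-<suppress until="2024-12-13Z">
-<notes><![CDATA[
-file name: guava-31.1-jre.jar
-Reverted in https://github.com/openrewrite/rewrite-python/commit/f487df7dabb8588ae2edb17e31ff7b8ba3ffc133 because Guava 32 introduces gradle module metadata which causes downstream breakage in build plugins.
-]]></notes>
-<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@31\.0\.1-jre$</packageUrl>
-<cve>CVE-2023-2976</cve>
-<cve>CVE-2020-8908</cve>
-</suppress>
-<suppress until="2024-12-13Z">
-<notes><![CDATA[
-file name: rewrite-core-8.6.0-SNAPSHOT.jar (shaded: org.eclipse.jgit:org.eclipse.jgit:5.13.2.202306221912-r)
-]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$</packageUrl>
-<vulnerabilityName>CVE-2023-4759</vulnerabilityName>
-</suppress>
-<suppress until="2024-12-13Z">
-<notes><![CDATA[
-file name: plexus-cipher-2.0.jar
-]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-cipher@.*$</packageUrl>
-<cve>CVE-2022-4244</cve>
-<cve>CVE-2022-4245</cve>
-</suppress>
-<suppress until="2024-12-13Z">
-<notes><![CDATA[
-file name: plexus-classworlds-2.7.0.jar
-]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-classworlds@.*$</packageUrl>
-<cve>CVE-2022-4244</cve>
-<cve>CVE-2022-4245</cve>
-</suppress>
-<suppress until="2024-12-13Z">
-<notes><![CDATA[
-file name: plexus-component-annotations-2.1.0.jar
-]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-component\-annotations@.*$</packageUrl>
-<cve>CVE-2022-4244</cve>
-<cve>CVE-2022-4245</cve>
-</suppress>
-<suppress until="2024-12-13Z">
-<notes><![CDATA[
-file name: plexus-interactivity-api-1.1.jar
-]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-interactivity\-api@.*$</packageUrl>
-<cve>CVE-2022-4244</cve>
-<cve>CVE-2022-4245</cve>
-</suppress>
-<suppress until="2024-12-13Z">
-<notes><![CDATA[
-file name: plexus-interpolation-1.26.jar
-]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-interpolation@.*$</packageUrl>
-<cve>CVE-2022-4244</cve>
-<cve>CVE-2022-4245</cve>
-</suppress>
-<suppress until="2024-12-13Z">
-<notes><![CDATA[
-file name: plexus-sec-dispatcher-2.0.jar
-]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-sec\-dispatcher@.*$</packageUrl>
-<cve>CVE-2022-4244</cve>
-<cve>CVE-2022-4245</cve>
-</suppress>
-<suppress until="2024-12-13Z">
-<notes><![CDATA[
-file name: netty-transport-4.1.94.Final.jar
-]]></notes>
-<packageUrl regex="true">^pkg:maven/io\.netty/netty\-transport@.*$</packageUrl>
-<cve>CVE-2023-4586</cve>
-<cve>CVE-2023-44487</cve>
-</suppress>
-<suppress until="2024-12-13Z">
+<suppress until="2025-02-03Z">
 <notes><![CDATA[
 file name: reactor-netty-core-1.0.32.jar
 ]]></notes>
 <packageUrl regex="true">^pkg:maven/io\.projectreactor\.netty/reactor\-netty\-core@.*$</packageUrl>
 <cve>CVE-2023-34054</cve>
 <cve>CVE-2023-34062</cve>
 </suppress>
-<suppress until="2024-12-13Z">
+<suppress until="2025-02-03Z">
 <notes><![CDATA[
 file name: reactor-netty-http-1.0.32.jar
 ]]></notes>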
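Review bot: The two suppressions whose `until` is extended to 2025-02-03Z (reactor-netty-core, and reactor-netty-http at the end of the hunk) still match on a `packageUrl` ending in `@.*$`, so they silence the listed CVEs for every version of the artifact rather than only the 1.0.32 jars named in the notes. Consider pinning the pattern to the version that was actually triaged, e.g. `^pkg:maven/io\.projectreactor\.netty/reactor\-netty\-core@1\.0\.32$`, so that a dependency change forces the finding to be looked at again. The `<notes>` hold only a file name, so the expiry is being pushed out without a recorded reason; a sentence saying why the finding is accepted and which upgrade would clear it would let the next reviewer decide whether to extend again. The reactor-netty-http entry continues below the hunk, so its CVE list is not visible here.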
