forked from openrewrite/rewrite-gradle-plugin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
suppressions.xml
70 lines (70 loc) · 2.91 KB
/
suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress until="2024-12-17Z">
<notes><![CDATA[
file name: rewrite-gradle-8.14.0-SNAPSHOT.jar: gradle-core-api-6.1.1.jar
]]></notes>
<cve>CVE-2020-11979</cve>
<cve>CVE-2021-29427</cve>
<cve>CVE-2021-29428</cve>
<cve>CVE-2021-29429</cve>
<cve>CVE-2021-32751</cve>
<cve>CVE-2023-35946</cve>
<cve>CVE-2023-35947</cve>
<cve>CVE-2023-42445</cve>
<cve>CVE-2023-44387</cve>
</suppress>
<suppress until="2024-12-17Z" >
<notes><![CDATA[
Already on the latest version
file name: rewrite-gradle-8.15.0-SNAPSHOT.jar: gradle-enterprise-gradle-plugin-3.16.2.jar
reason: false positive. Vulnerability is for Gradle proper, not this plugin which is latest version
]]></notes>
<cve>CVE-2019-11065</cve>
<cve>CVE-2019-11402</cve>
<cve>CVE-2019-11403</cve>
<cve>CVE-2019-15052</cve>
<cve>CVE-2019-16370</cve>
<cve>CVE-2020-11979</cve>
<cve>CVE-2020-15767</cve>
<cve>CVE-2020-15773</cve>
<cve>CVE-2021-29428</cve>
<cve>CVE-2021-29429</cve>
<cve>CVE-2021-32751</cve>
<cve>CVE-2021-41589</cve>
<cve>CVE-2022-25364</cve>
<cve>CVE-2022-30587</cve>
<cve>CVE-2023-35946</cve>
<cve>CVE-2023-35947</cve>
<cve>CVE-2023-42445</cve>
<cve>CVE-2023-44387</cve>
<cve>CVE-2023-49238</cve>
</suppress>
<suppress>
<notes><![CDATA[
Shaded dependency in latest version:
file name: kotlin-gradle-plugin-2.0.0-Beta2-gradle82.jar (shaded: com.google.guava:guava:31.1-jre)
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
<vulnerabilityName>CVE-2023-2976</vulnerabilityName>
<vulnerabilityName>CVE-2020-8908</vulnerabilityName>
</suppress>
<suppress until="2024-12-17Z">
<notes><![CDATA[
file name: rewrite-core-8.6.0-SNAPSHOT.jar (shaded: org.eclipse.jgit:org.eclipse.jgit:5.13.2.202306221912-r)
Not relevant. And we pin to this version to support Java8.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$</packageUrl>
<vulnerabilityName>CVE-2023-4759</vulnerabilityName>
</suppress>
<suppress until="2024-11-22Z">
<notes><![CDATA[
Already on the latest version of develocity-gradle-plugin
file name: rewrite-gradle-8.32.0.jar: develocity-gradle-plugin-3.17.6.jar: junit-platform-engine-1.10.3.jar
reason: awaiting reanalysis
]]></notes>
<cve>CVE-2023-45161</cve>
<cve>CVE-2023-45163</cve>
<cve>CVE-2023-5964</cve>
</suppress>
</suppressions>