You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2020/12/21 06:44:33 UTC

[struts-examples] branch master updated: Suppresses Quarkus dependencies

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git


The following commit(s) were added to refs/heads/master by this push:
     new f1c8302  Suppresses Quarkus dependencies
f1c8302 is described below

commit f1c8302146f72ed4c6cadaab9f934824086041e9
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Mon Dec 21 07:44:12 2020 +0100

    Suppresses Quarkus dependencies
---
 src/etc/project-suppression.xml | 47 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index d26cabc..413495e 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml
@@ -208,4 +208,51 @@
         <packageUrl regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
         <vulnerabilityName>CVE-2015-2992</vulnerabilityName>
     </suppress>
+    <!-- quarkus, see: https://github.com/quarkusio/quarkus/issues/2611#issuecomment-553409186 -->
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-jdbc-postgresql to postgresql
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-jdbc-postgresql:.*$</gav>
+        <cpe>cpe:/a:postgresql:postgresql</cpe>
+    </suppress>
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-resteasy to resteasy
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-resteasy.*:.*$</gav>
+        <cpe>cpe:/a:redhat:resteasy</cpe>
+    </suppress>
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-undertow to undertow
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-undertow.*:.*$</gav>
+        <cpe>cpe:/a:redhat:undertow</cpe>
+    </suppress>
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-swagger-ui to swagger_project:swagger-ui
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-swagger-ui.*:.*$</gav>
+        <cpe>cpe:/a:swagger_project:swagger-ui</cpe>
+    </suppress>
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-netty to netty
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-netty.*:.*$</gav>
+        <cpe>cpe:/a:netty:netty</cpe>
+    </suppress>
+    <!-- quarkus -->
 </suppressions>
\ No newline at end of file