Posted to commits@struts.apache.org by lu...@apache.org on 2020/11/08 07:30:31 UTC

[struts] branch master updated: WW-5094 Upgrades Spring and suppresses some TestNG dependencies

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git


The following commit(s) were added to refs/heads/master by this push:
     new fe5830c  WW-5094 Upgrades Spring and suppresses some TestNG dependencies
fe5830c is described below

commit fe5830c26b35112c1716770c03d84a54b5834c4f
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Sun Nov 8 08:30:24 2020 +0100

    WW-5094 Upgrades Spring and suppresses some TestNG dependencies
---
 pom.xml                         |  2 +-
 src/etc/project-suppression.xml | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1fcaaca..accf230 100644
--- a/pom.xml
+++ b/pom.xml
@@ -113,7 +113,7 @@
         <log4j2.version>2.13.3</log4j2.version>
         <ognl.version>3.2.14</ognl.version>
         <slf4j.version>1.7.30</slf4j.version>
-        <spring.platformVersion>4.3.26.RELEASE</spring.platformVersion>
+        <spring.platformVersion>4.3.29.RELEASE</spring.platformVersion>
         <tiles.version>3.0.8</tiles.version>
         <tiles-request.version>1.0.7</tiles-request.version>
 
diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index 35b6e53..80104ee 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml
@@ -168,4 +168,26 @@
         <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
         <cpe>cpe:/a:xstream_project:xstream</cpe>
     </suppress>
+    <!-- TestNG -->
+    <suppress>
+        <notes><![CDATA[file name: guava-19.0.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+        <cve>CVE-2018-10237</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: snakeyaml-1.21.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+        <cve>CVE-2017-18640</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: testng-7.1.0.jar: jquery-3.4.1.min.js]]></notes>
+        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
+        <cve>CVE-2020-11022</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: testng-7.1.0.jar: jquery-3.4.1.min.js]]></notes>
+        <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
+        <cve>CVE-2020-11023</cve>
+    </suppress>
+    <!-- TestNG -->
 </suppressions>
\ No newline at end of file
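Review bot: Each of the four new `<suppress>` entries matches every version of its package (`@.*$`), although the `<notes>` name one specific file each (guava-19.0.jar, snakeyaml-1.21.jar, and the jquery-3.4.1.min.js copy inside testng-7.1.0.jar), so the suppressions are wider than the findings they were written for. Pinning the version keeps a later or differently scoped copy of the same library from being silently covered, for example `<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@19\.0$</packageUrl>`. The two jQuery entries identify only `pkg:javascript/jquery`, not the TestNG jar the file was found in, so CVE-2020-11022 and CVE-2020-11023 would also be hidden for any other jQuery copy the scan picks up; a `<filePath>` or `<sha1>` match would tie them to the bundled file. The notes would be more useful to the next reviewer if they recorded why the finding is accepted (presumably because these jars arrive only through TestNG in test scope, which is worth confirming), and an `until` date on `<suppress>` would force a re-check.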