Posted to commits@struts.apache.org by lu...@apache.org on 2020/11/08 07:30:31 UTC
[struts] branch master updated: WW-5094 Upgrades Spring and
suppresses some TestNG dependencies
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
The following commit(s) were added to refs/heads/master by this push:
new fe5830c WW-5094 Upgrades Spring and suppresses some TestNG dependencies
fe5830c is described below
commit fe5830c26b35112c1716770c03d84a54b5834c4f
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Sun Nov 8 08:30:24 2020 +0100
WW-5094 Upgrades Spring and suppresses some TestNG dependencies
---
pom.xml | 2 +-
src/etc/project-suppression.xml | 22 ++++++++++++++++++++++
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 1fcaaca..accf230 100644
--- a/pom.xml
+++ b/pom.xml
@@ -113,7 +113,7 @@
<log4j2.version>2.13.3</log4j2.version>
<ognl.version>3.2.14</ognl.version>
<slf4j.version>1.7.30</slf4j.version>
- <spring.platformVersion>4.3.26.RELEASE</spring.platformVersion>
+ <spring.platformVersion>4.3.29.RELEASE</spring.platformVersion>
<tiles.version>3.0.8</tiles.version>
<tiles-request.version>1.0.7</tiles-request.version>
diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index 35b6e53..80104ee 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml
@@ -168,4 +168,26 @@
<packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
<cpe>cpe:/a:xstream_project:xstream</cpe>
</suppress>
+ <!-- TestNG -->
+ <suppress>
+ <notes><![CDATA[file name: guava-19.0.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+ <cve>CVE-2018-10237</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: snakeyaml-1.21.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+ <cve>CVE-2017-18640</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: testng-7.1.0.jar: jquery-3.4.1.min.js]]></notes>
+ <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
+ <cve>CVE-2020-11022</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: testng-7.1.0.jar: jquery-3.4.1.min.js]]></notes>
+ <packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
+ <cve>CVE-2020-11023</cve>
+ </suppress>
+ <!-- TestNG -->
</suppressions>
\ No newline at end of file
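Review bot: The four new `<suppress>` entries match on `@.*$`, so each one silences its CVE for every version of guava, snakeyaml and jquery that dependency-check finds anywhere in the build, not only the copies that TestNG pulls in. If a runtime module later ships one of these libraries in an affected version, the finding would be hidden as well. Pinning each pattern to the version named in its note keeps the suppression from outliving the artifact it was written for, e.g. `^pkg:maven/com\.google\.guava/guava@19\.0$`, `^pkg:maven/org\.yaml/snakeyaml@1\.21$` and `^pkg:javascript/jquery@3\.4\.1$`. The `<notes>` record only a file name; I would add the reason the finding is accepted (presumably that the jar is a test-scope dependency of TestNG and is not shipped) and consider an `until="..."` date on each `<suppress>` so the entries are re-reviewed.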