Posted to commits@myfaces.apache.org by lo...@apache.org on 2022/12/08 23:03:08 UTC

[myfaces-build-tools] branch main updated: feat: cleanup

This is an automated email from the ASF dual-hosted git repository.

lofwyr pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/myfaces-build-tools.git


The following commit(s) were added to refs/heads/main by this push:
     new 699dff1b feat: cleanup
699dff1b is described below

commit 699dff1bddb0a677ab2d022a325f5a4cb99344e6
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Fri Dec 9 00:02:58 2022 +0100

    feat: cleanup
    
    also some new issues
---
 ...dependency-check-suppression-for-tobago-5.x.xml | 90 ++--------------------
 ...dependency-check-suppression-for-tobago-6.x.xml | 67 +---------------
 2 files changed, 9 insertions(+), 148 deletions(-)

diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
index 319caf26..8a69ab6c 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
@@ -2,96 +2,18 @@
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-  <suppress>
-    <notes><![CDATA[ file name: jdom2-2.0.6.jar ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
-    <cve>CVE-2021-33813</cve>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: path-parse:1.0.6 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/path\-parse@.*$</packageUrl>
-    <cve>CVE-2021-23343</cve>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: glob-parent:6.0.0 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/glob\-parent@.*$</packageUrl>
-    <vulnerabilityName>1751</vulnerabilityName>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: trim-newlines:4.0.1 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
-    <vulnerabilityName>1753</vulnerabilityName>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: trim-newlines:1.0.0 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
-    <cpe>cpe:/a:trim-newlines_project:trim-newlines</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: jakarta.el-api-3.0.3.jar ]]></notes>
-    <packageUrl regex="true">^pkg:maven/jakarta\.el/jakarta\.el-api@.*$</packageUrl>
-    <cve>CVE-2021-28170</cve>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
-    <cpe>cpe:/a:lodash:lodash</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
-    <vulnerabilityName>1002373</vulnerabilityName>
-  </suppress>  <suppress>
-    <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
-    <cpe>cpe:/a:set-value_project:set-value</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: set-value:3.0.2 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
-    <cpe>cpe:/a:set-value_project:set-value</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
-    <vulnerabilityName>1002475</vulnerabilityName>
-  </suppress>
   <suppress>
     <notes><![CDATA[ file name: spring-*-5.3.*.jar ]]></notes>
     <cve>CVE-2016-1000027</cve>
   </suppress>
   <suppress>
-    <!-- CVE is for linux watchman -->
-    <notes><![CDATA[ file name: fb-watchman:2.0.1 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/fb\-watchman@.*$</packageUrl>
-    <vulnerabilityName>CVE-2022-21944</vulnerabilityName>
-  </suppress>
-  <suppress>
-    <!-- CVE was solved in 2.8.9 -->
-    <notes><![CDATA[ file name: hosted-git-info:2.8.9 ]]></notes>
-    <sha1>f58142bf71363f8925fecf8e1bce7f6a4e84af35</sha1>
-    <vulnerabilityName>CVE-2021-23362</vulnerabilityName>
-  </suppress>
-  <suppress>
-    <!-- CVE is for the example tomcat application -->
-    <notes><![CDATA[ file name: tomcat-embed-core-9.0.64.jar ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.apache\.tomcat\.embed/tomcat\-embed\-.*@.*$</packageUrl>
-    <cve>CVE-2022-34305</cve>
-  </suppress>
-  <suppress>
-    <!-- CVE is a problem with AMS patch scripts -->
-    <notes><![CDATA[ file name: log4j-api-2.17.2.jar ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-api@.*$</packageUrl>
-    <cve>CVE-2022-33915</cve>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: logback-core-1.3.0.jar logback-classic-1.3.0.jar ]]></notes>
-    <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-.*@.*$</packageUrl>
-    <cve>CVE-2021-42550</cve>
+    <notes><![CDATA[ file name: snakeyaml-1.33.jar ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+    <vulnerabilityName>CVE-2022-1471</vulnerabilityName>
   </suppress>
   <suppress>
-    <notes><![CDATA[ file name: snakeyaml-1.32.jar ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
-    <vulnerabilityName>CVE-2022-38752</vulnerabilityName>
+    <notes><![CDATA[ file name: commons-*.jar ]]></notes>
+    <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>
+    <cve>CVE-2021-37533</cve>
   </suppress>
 </suppressions>
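Review bot: The new snakeyaml entry suppresses CVE-2022-1471 for every version (`@.*`) and records no reason, whereas several of the removed entries carried one in an XML comment (e.g. `<!-- CVE was solved in 2.8.9 -->`). CVE-2022-1471 concerns SnakeYAML's `Constructor` instantiating arbitrary types during deserialization, so the suppression is only sound if nothing on the Tobago 5.x classpath loads untrusted YAML that way; that cannot be confirmed from this hunk. I would state the rationale inside the entry, e.g. `<!-- snakeyaml only reaches the build via <component>; no untrusted YAML is parsed -->` (placeholder to be filled in), and give it an expiry such as `<suppress until="YYYY-MM-DDZ">` so the finding resurfaces for re-evaluation instead of staying hidden indefinitely.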
diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml
index 4ad7346a..a42a7553 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml
@@ -3,69 +3,8 @@
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
   <suppress>
-    <notes><![CDATA[ file name: jdom2-2.0.6.jar ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
-    <cve>CVE-2021-33813</cve>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: path-parse:1.0.6 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/path\-parse@.*$</packageUrl>
-    <cve>CVE-2021-23343</cve>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: glob-parent:6.0.0 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/glob\-parent@.*$</packageUrl>
-    <vulnerabilityName>1751</vulnerabilityName>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: trim-newlines:4.0.1 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
-    <vulnerabilityName>1753</vulnerabilityName>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: trim-newlines:1.0.0 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
-    <cpe>cpe:/a:trim-newlines_project:trim-newlines</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: jakarta.el-api-3.0.3.jar ]]></notes>
-    <packageUrl regex="true">^pkg:maven/jakarta\.el/jakarta\.el-api@.*$</packageUrl>
-    <cve>CVE-2021-28170</cve>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
-    <cpe>cpe:/a:lodash:lodash</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
-    <vulnerabilityName>1002373</vulnerabilityName>
-  </suppress>  <suppress>
-    <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
-    <cpe>cpe:/a:set-value_project:set-value</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: set-value:3.0.2 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
-    <cpe>cpe:/a:set-value_project:set-value</cpe>
-  </suppress>
-  <suppress>
-    <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
-    <vulnerabilityName>1002475</vulnerabilityName>
-  </suppress>
-  <suppress>
-    <!-- CVE is for linux watchman -->
-    <notes><![CDATA[ file name: fb-watchman:2.0.1 ]]></notes>
-    <packageUrl regex="true">^pkg:npm/fb\-watchman@.*$</packageUrl>
-    <vulnerabilityName>CVE-2022-21944</vulnerabilityName>
-  </suppress>
-  <suppress>
-    <!-- CVE was solved in 2.8.9 -->
-    <notes><![CDATA[ file name: hosted-git-info:2.8.9 ]]></notes>
-    <sha1>f58142bf71363f8925fecf8e1bce7f6a4e84af35</sha1>
-    <vulnerabilityName>CVE-2021-23362</vulnerabilityName>
+    <notes><![CDATA[ file name: commons-*.jar ]]></notes>
+    <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>
+    <cve>CVE-2021-37533</cve>
   </suppress>
 </suppressions>
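Review bot: The `packageUrl` pattern `^pkg:maven/commons\-.*/commons\-.*@.*$` matches any artifact whose group and name start with `commons-`, so it would also hide CVE-2021-37533 on commons-net itself, the library that CVE is filed against, should it ever enter the dependency tree. If the intent is to silence false positives on the other commons libraries, either list those coordinates explicitly or exclude commons-net, for example `^pkg:maven/commons\-(?!net/).*/commons\-.*@.*$`, and record that intent in an XML comment next to the `<notes>` element. The identical entry is added in the 5.x file's hunk and has the same problem.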