Posted to commits@myfaces.apache.org by lo...@apache.org on 2022/12/08 23:03:08 UTC
[myfaces-build-tools] branch main updated: feat: cleanup
This is an automated email from the ASF dual-hosted git repository.
lofwyr pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/myfaces-build-tools.git
The following commit(s) were added to refs/heads/main by this push:
new 699dff1b feat: cleanup
699dff1b is described below
commit 699dff1bddb0a677ab2d022a325f5a4cb99344e6
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Fri Dec 9 00:02:58 2022 +0100
feat: cleanup
also some new issues
---
...dependency-check-suppression-for-tobago-5.x.xml | 90 ++--------------------
...dependency-check-suppression-for-tobago-6.x.xml | 67 +---------------
2 files changed, 9 insertions(+), 148 deletions(-)
diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
index 319caf26..8a69ab6c 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
@@ -2,96 +2,18 @@
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
- <suppress>
- <notes><![CDATA[ file name: jdom2-2.0.6.jar ]]></notes>
- <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
- <cve>CVE-2021-33813</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: path-parse:1.0.6 ]]></notes>
- <packageUrl regex="true">^pkg:npm/path\-parse@.*$</packageUrl>
- <cve>CVE-2021-23343</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: glob-parent:6.0.0 ]]></notes>
- <packageUrl regex="true">^pkg:npm/glob\-parent@.*$</packageUrl>
- <vulnerabilityName>1751</vulnerabilityName>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: trim-newlines:4.0.1 ]]></notes>
- <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
- <vulnerabilityName>1753</vulnerabilityName>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: trim-newlines:1.0.0 ]]></notes>
- <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
- <cpe>cpe:/a:trim-newlines_project:trim-newlines</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: jakarta.el-api-3.0.3.jar ]]></notes>
- <packageUrl regex="true">^pkg:maven/jakarta\.el/jakarta\.el-api@.*$</packageUrl>
- <cve>CVE-2021-28170</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
- <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
- <cpe>cpe:/a:lodash:lodash</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
- <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
- <vulnerabilityName>1002373</vulnerabilityName>
- </suppress> <suppress>
- <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
- <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
- <cpe>cpe:/a:set-value_project:set-value</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: set-value:3.0.2 ]]></notes>
- <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
- <cpe>cpe:/a:set-value_project:set-value</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
- <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
- <vulnerabilityName>1002475</vulnerabilityName>
- </suppress>
<suppress>
<notes><![CDATA[ file name: spring-*-5.3.*.jar ]]></notes>
<cve>CVE-2016-1000027</cve>
</suppress>
<suppress>
- <!-- CVE is for linux watchman -->
- <notes><![CDATA[ file name: fb-watchman:2.0.1 ]]></notes>
- <packageUrl regex="true">^pkg:npm/fb\-watchman@.*$</packageUrl>
- <vulnerabilityName>CVE-2022-21944</vulnerabilityName>
- </suppress>
- <suppress>
- <!-- CVE was solved in 2.8.9 -->
- <notes><![CDATA[ file name: hosted-git-info:2.8.9 ]]></notes>
- <sha1>f58142bf71363f8925fecf8e1bce7f6a4e84af35</sha1>
- <vulnerabilityName>CVE-2021-23362</vulnerabilityName>
- </suppress>
- <suppress>
- <!-- CVE is for the example tomcat application -->
- <notes><![CDATA[ file name: tomcat-embed-core-9.0.64.jar ]]></notes>
- <packageUrl regex="true">^pkg:maven/org\.apache\.tomcat\.embed/tomcat\-embed\-.*@.*$</packageUrl>
- <cve>CVE-2022-34305</cve>
- </suppress>
- <suppress>
- <!-- CVE is a problem with AMS patch scripts -->
- <notes><![CDATA[ file name: log4j-api-2.17.2.jar ]]></notes>
- <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-api@.*$</packageUrl>
- <cve>CVE-2022-33915</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: logback-core-1.3.0.jar logback-classic-1.3.0.jar ]]></notes>
- <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-.*@.*$</packageUrl>
- <cve>CVE-2021-42550</cve>
+ <notes><![CDATA[ file name: snakeyaml-1.33.jar ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+ <vulnerabilityName>CVE-2022-1471</vulnerabilityName>
</suppress>
<suppress>
- <notes><![CDATA[ file name: snakeyaml-1.32.jar ]]></notes>
- <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
- <vulnerabilityName>CVE-2022-38752</vulnerabilityName>
+ <notes><![CDATA[ file name: commons-*.jar ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>
+ <cve>CVE-2021-37533</cve>
</suppress>
</suppressions>
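Review bot: The new CVE-2021-37533 entry matches every artifact whose group and artifactId start with `commons-`, at every version, so it would also hide the finding on commons-net itself, the library that CVE is filed against; the same entry is added in the 6.x file. If the intent is to silence CPE false positives on other commons jars (the notes do not say), exclude the real target, e.g. `<packageUrl regex="true">^pkg:maven/commons\-(?!net/).*/commons\-.*@.*$</packageUrl>`, or list the affected artifacts explicitly. The snakeyaml entry suppresses CVE-2022-1471 for all versions (`@.*`), while its notes name only snakeyaml-1.33.jar and give no reason. A one-line rationale in `<notes>` and an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) would force the suppression to be re-reviewed instead of persisting silently.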
diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml
index 4ad7346a..a42a7553 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml
@@ -3,69 +3,8 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
- <notes><![CDATA[ file name: jdom2-2.0.6.jar ]]></notes>
- <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
- <cve>CVE-2021-33813</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: path-parse:1.0.6 ]]></notes>
- <packageUrl regex="true">^pkg:npm/path\-parse@.*$</packageUrl>
- <cve>CVE-2021-23343</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: glob-parent:6.0.0 ]]></notes>
- <packageUrl regex="true">^pkg:npm/glob\-parent@.*$</packageUrl>
- <vulnerabilityName>1751</vulnerabilityName>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: trim-newlines:4.0.1 ]]></notes>
- <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
- <vulnerabilityName>1753</vulnerabilityName>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: trim-newlines:1.0.0 ]]></notes>
- <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
- <cpe>cpe:/a:trim-newlines_project:trim-newlines</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: jakarta.el-api-3.0.3.jar ]]></notes>
- <packageUrl regex="true">^pkg:maven/jakarta\.el/jakarta\.el-api@.*$</packageUrl>
- <cve>CVE-2021-28170</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
- <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
- <cpe>cpe:/a:lodash:lodash</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
- <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
- <vulnerabilityName>1002373</vulnerabilityName>
- </suppress> <suppress>
- <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
- <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
- <cpe>cpe:/a:set-value_project:set-value</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: set-value:3.0.2 ]]></notes>
- <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
- <cpe>cpe:/a:set-value_project:set-value</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
- <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
- <vulnerabilityName>1002475</vulnerabilityName>
- </suppress>
- <suppress>
- <!-- CVE is for linux watchman -->
- <notes><![CDATA[ file name: fb-watchman:2.0.1 ]]></notes>
- <packageUrl regex="true">^pkg:npm/fb\-watchman@.*$</packageUrl>
- <vulnerabilityName>CVE-2022-21944</vulnerabilityName>
- </suppress>
- <suppress>
- <!-- CVE was solved in 2.8.9 -->
- <notes><![CDATA[ file name: hosted-git-info:2.8.9 ]]></notes>
- <sha1>f58142bf71363f8925fecf8e1bce7f6a4e84af35</sha1>
- <vulnerabilityName>CVE-2021-23362</vulnerabilityName>
+ <notes><![CDATA[ file name: commons-*.jar ]]></notes>
+ <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>
+ <cve>CVE-2021-37533</cve>
</suppress>
</suppressions>