Posted to commits@myfaces.apache.org by lo...@apache.org on 2021/10/07 09:19:12 UTC

[myfaces-build-tools] branch master updated: feat: CVE suppression for Tobago 6

This is an automated email from the ASF dual-hosted git repository.

lofwyr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-build-tools.git


The following commit(s) were added to refs/heads/master by this push:
     new 46ed412  feat: CVE suppression for Tobago 6
46ed412 is described below

commit 46ed4121878fe92d9f611b4b9e7b2256bbbea2b8
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Thu Oct 7 11:19:01 2021 +0200

    feat: CVE suppression for Tobago 6
    
    currently same as in Tobago 5
---
 ...dependency-check-suppression-for-tobago-6.x.xml | 50 ++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml
new file mode 100644
index 0000000..80a16bd
--- /dev/null
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-6.x.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+  <suppress>
+    <notes><![CDATA[ file name: jdom2-2.0.6.jar ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
+    <cve>CVE-2021-33813</cve>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: path-parse:1.0.6 ]]></notes>
+    <packageUrl regex="true">^pkg:npm/path\-parse@.*$</packageUrl>
+    <cve>CVE-2021-23343</cve>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: glob-parent:6.0.0 ]]></notes>
+    <packageUrl regex="true">^pkg:npm/glob\-parent@.*$</packageUrl>
+    <vulnerabilityName>1751</vulnerabilityName>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: trim-newlines:4.0.1 ]]></notes>
+    <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
+    <vulnerabilityName>1753</vulnerabilityName>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: trim-newlines:1.0.0 ]]></notes>
+    <packageUrl regex="true">^pkg:npm/trim\-newlines@.*$</packageUrl>
+    <cpe>cpe:/a:trim-newlines_project:trim-newlines</cpe>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: jakarta.el-api-3.0.3.jar ]]></notes>
+    <packageUrl regex="true">^pkg:maven/jakarta\.el/jakarta\.el-api@.*$</packageUrl>
+    <cve>CVE-2021-28170</cve>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
+    <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
+    <cpe>cpe:/a:lodash:lodash</cpe>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
+    <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
+    <cpe>cpe:/a:set-value_project:set-value</cpe>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: set-value:3.0.2 ]]></notes>
+    <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
+    <cpe>cpe:/a:set-value_project:set-value</cpe>
+  </suppress>
+</suppressions>
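Review bot: The four `<cpe>` suppressions (trim-newlines 1.0.0, lodash, and both set-value entries) drop every present and future finding tied to that CPE, and because each `packageUrl` ends in `@.*$` they do so for every version of the package, so a new lodash or set-value advisory would never appear in the report. Narrow each entry to the version named in its note and to the specific findings that were reviewed, e.g. `<packageUrl regex="true">^pkg:npm/lodash@4\.17\.21$</packageUrl>` with one `<cve>` element per accepted finding in place of the `<cpe>`. The `<notes>` record only a file name; state why each finding is a false positive or an accepted risk, and consider an `until="YYYY-MM-DDZ"` attribute on `<suppress>` so the entry expires and gets re-evaluated. The two set-value blocks are identical apart from the note, so the second is redundant as written.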