You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2021/10/06 09:49:19 UTC
[myfaces-build-tools] branch master updated: feat: CVE suppression
for Tobago 5
This is an automated email from the ASF dual-hosted git repository.
lofwyr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-build-tools.git
The following commit(s) were added to refs/heads/master by this push:
new 58a54b3 feat: CVE suppression for Tobago 5
58a54b3 is described below
commit 58a54b38caa48cd475e273a9eaf4c4844738f104
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Wed Oct 6 11:48:53 2021 +0200
feat: CVE suppression for Tobago 5
npm building stuff
---
.../dependency-check-suppression-for-tobago-5.x.xml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
index a876900..80a16bd 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
@@ -32,4 +32,19 @@
<packageUrl regex="true">^pkg:maven/jakarta\.el/jakarta\.el-api@.*$</packageUrl>
<cve>CVE-2021-28170</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[ file name: lodash:4.17.21 ]]></notes>
+ <packageUrl regex="true">^pkg:npm/lodash@.*$</packageUrl>
+ <cpe>cpe:/a:lodash:lodash</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[ file name: set-value:2.0.1 ]]></notes>
+ <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
+ <cpe>cpe:/a:set-value_project:set-value</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[ file name: set-value:3.0.2 ]]></notes>
+ <packageUrl regex="true">^pkg:npm/set\-value@.*$</packageUrl>
+ <cpe>cpe:/a:set-value_project:set-value</cpe>
+ </suppress>
</suppressions>