suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress until="2024-12-17Z">
        <notes><![CDATA[
            file name: rewrite-gradle-8.14.0-SNAPSHOT.jar: gradle-core-api-6.1.1.jar
            ]]></notes>
        <cve>CVE-2020-11979</cve>
        <cve>CVE-2021-29427</cve>
        <cve>CVE-2021-29428</cve>
        <cve>CVE-2021-29429</cve>
        <cve>CVE-2021-32751</cve>
        <cve>CVE-2023-35946</cve>
        <cve>CVE-2023-35947</cve>
        <cve>CVE-2023-42445</cve>
        <cve>CVE-2023-44387</cve>
    </suppress>
    <suppress until="2024-12-17Z" >
        <notes><![CDATA[
            Already on the latest version
            file name: rewrite-gradle-8.15.0-SNAPSHOT.jar: gradle-enterprise-gradle-plugin-3.16.2.jar
            reason: false positive. Vulnerability is for Gradle proper, not this plugin which is latest version
           ]]></notes>
        <cve>CVE-2019-11065</cve>
        <cve>CVE-2019-11402</cve>
        <cve>CVE-2019-11403</cve>
        <cve>CVE-2019-15052</cve>
        <cve>CVE-2019-16370</cve>
        <cve>CVE-2020-11979</cve>
        <cve>CVE-2020-15767</cve>
        <cve>CVE-2020-15773</cve>
        <cve>CVE-2021-29428</cve>
        <cve>CVE-2021-29429</cve>
        <cve>CVE-2021-32751</cve>
        <cve>CVE-2021-41589</cve>
        <cve>CVE-2022-25364</cve>
        <cve>CVE-2022-30587</cve>
        <cve>CVE-2023-35946</cve>
        <cve>CVE-2023-35947</cve>
        <cve>CVE-2023-42445</cve>
        <cve>CVE-2023-44387</cve>
        <cve>CVE-2023-49238</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
            Shaded dependency in latest version:
           file name: kotlin-gradle-plugin-2.0.0-Beta2-gradle82.jar (shaded: com.google.guava:guava:31.1-jre)
           ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
        <vulnerabilityName>CVE-2023-2976</vulnerabilityName>
        <vulnerabilityName>CVE-2020-8908</vulnerabilityName>
    </suppress>
    <suppress until="2024-12-17Z">
        <notes><![CDATA[
            file name: rewrite-core-8.6.0-SNAPSHOT.jar (shaded: org.eclipse.jgit:org.eclipse.jgit:5.13.2.202306221912-r)
            Not relevant. And we pin to this version to support Java8.
            ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$</packageUrl>
        <vulnerabilityName>CVE-2023-4759</vulnerabilityName>
    </suppress>
    <suppress until="2024-11-22Z">
        <notes><![CDATA[
            Already on the latest version of develocity-gradle-plugin
            file name: rewrite-gradle-8.32.0.jar: develocity-gradle-plugin-3.17.6.jar: junit-platform-engine-1.10.3.jar
            reason: awaiting reanalysis
            ]]></notes>
        <cve>CVE-2023-45161</cve>
        <cve>CVE-2023-45163</cve>
        <cve>CVE-2023-5964</cve>
    </suppress>
</suppressions>