Update suppressions.xml

openrewrite · Jan 3, 2025 · a7acf54 · a7acf54
1 parent bf95508
commit a7acf54
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/suppressions.xml b/suppressions.xml
@@ -1,5 +1,45 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress until="2025-01-02Z">
+        <notes><![CDATA[
+            file name: rewrite-gradle-8.14.0-SNAPSHOT.jar: gradle-core-api-6.1.1.jar
+            ]]></notes>
+        <cve>CVE-2020-11979</cve>
+        <cve>CVE-2021-29427</cve>
+        <cve>CVE-2021-29428</cve>
+        <cve>CVE-2021-29429</cve>
+        <cve>CVE-2021-32751</cve>
+        <cve>CVE-2023-35946</cve>
+        <cve>CVE-2023-35947</cve>
+        <cve>CVE-2023-42445</cve>
+        <cve>CVE-2023-44387</cve>
+    </suppress>
+    <suppress until="2025-01-02Z" >
+        <notes><![CDATA[
+            Already on the latest version
+            file name: rewrite-gradle-8.15.0-SNAPSHOT.jar: gradle-enterprise-gradle-plugin-3.16.2.jar
+            reason: false positive. Vulnerability is for Gradle proper, not this plugin which is latest version
+           ]]></notes>
+        <cve>CVE-2019-11065</cve>
+        <cve>CVE-2019-11402</cve>
+        <cve>CVE-2019-11403</cve>
+        <cve>CVE-2019-15052</cve>
+        <cve>CVE-2019-16370</cve>
+        <cve>CVE-2020-11979</cve>
+        <cve>CVE-2020-15767</cve>
+        <cve>CVE-2020-15773</cve>
+        <cve>CVE-2021-29428</cve>
+        <cve>CVE-2021-29429</cve>
+        <cve>CVE-2021-32751</cve>
+        <cve>CVE-2021-41589</cve>
+        <cve>CVE-2022-25364</cve>
+        <cve>CVE-2022-30587</cve>
+        <cve>CVE-2023-35946</cve>
+        <cve>CVE-2023-35947</cve>
+        <cve>CVE-2023-42445</cve>
+        <cve>CVE-2023-44387</cve>
+        <cve>CVE-2023-49238</cve>
+    </suppress>
     <suppress>
         <notes><![CDATA[
             Shaded dependency in latest version: