chore: add suppressions and local maven support (#110)

re: moderneinc/dependency-vulnerability-reports#709
openrewrite · Aug 12, 2024 · 56e742f · 56e742f
1 parent 26b2e9a
commit 56e742f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 7 deletions.
diff --git a/settings.gradle.kts b/settings.gradle.kts
@@ -1,4 +1,12 @@
 rootProject.name = "rewrite-micronaut"
+pluginManagement {
+    repositories {
+        mavenLocal()
+        gradlePluginPortal()
+    }
+}
+
+
 
 plugins {
     id("com.gradle.develocity") version "latest.release"

diff --git a/suppressions.xml b/suppressions.xml
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <suppress>
+    <suppress until="2024-09-25Z">
         <notes><![CDATA[
-            file name: snakeyaml-1.33.jar
-            Severity: HIGH
-            False positive: We are not parsing untrusted user input. Not used directly in this repository.
-        ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
-        <cve>CVE-2022-1471</cve>
+   file name: micronaut-http-server-netty-2.5.13.jar
+       sev: HIGH
+         reason: False positive. Reference only
+]]></notes>
+        <sha1>02b015ea87093f1ff92ccdb7fb143ef0172dbfa6</sha1>
+        <cpe>cpe:/a:netty:netty</cpe>
     </suppress>
 </suppressions>