From 56e742fd1d604182842a2b18ef36f5775b424e33 Mon Sep 17 00:00:00 2001
From: Scott Jungling <scott.jungling@gmail.com>
Date: Mon, 12 Aug 2024 12:34:37 -0700
Subject: [PATCH] chore: add suppressions and local maven support (#110)

re: https://github.com/moderneinc/dependency-vulnerability-reports/issues/709
---
 settings.gradle.kts |  8 ++++++++
 suppressions.xml    | 14 +++++++-------
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/settings.gradle.kts b/settings.gradle.kts
index 0499bb4..1e54f99 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -1,4 +1,12 @@
 rootProject.name = "rewrite-micronaut"
+pluginManagement {
+    repositories {
+        mavenLocal()
+        gradlePluginPortal()
+    }
+}
+
+
 
 plugins {
     id("com.gradle.develocity") version "latest.release"
diff --git a/suppressions.xml b/suppressions.xml
index 99f3dff..fe19e4c 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <suppress>
+    <suppress until="2024-09-25Z">
         <notes><![CDATA[
-            file name: snakeyaml-1.33.jar
-            Severity: HIGH
-            False positive: We are not parsing untrusted user input. Not used directly in this repository.
-        ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
-        <cve>CVE-2022-1471</cve>
+   file name: micronaut-http-server-netty-2.5.13.jar
+       sev: HIGH
+         reason: False positive. Reference only
+]]></notes>
+        <sha1>02b015ea87093f1ff92ccdb7fb143ef0172dbfa6</sha1>
+        <cpe>cpe:/a:netty:netty</cpe>
     </suppress>
 </suppressions>
\ No newline at end of file