From f494272184fcbf6a68e511fd5f5f10122bed1ee4 Mon Sep 17 00:00:00 2001
From: Scott Jungling <scott.jungling@gmail.com>
Date: Mon, 12 Aug 2024 12:30:12 -0700
Subject: [PATCH] chore: add suppressions and support for maven local (#16)

re: https://github.com/moderneinc/dependency-vulnerability-reports/issues/709
---
 settings.gradle.kts |  7 +++++++
 suppressions.xml    | 21 +++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 suppressions.xml

diff --git a/settings.gradle.kts b/settings.gradle.kts
index f63900e..5bf2710 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -1,5 +1,12 @@
 rootProject.name = "rewrite-third-party"
 
+pluginManagement {
+    repositories {
+        mavenLocal()
+        gradlePluginPortal()
+    }
+}
+
 plugins {
     id("com.gradle.enterprise") version "latest.release"
     id("com.gradle.common-custom-user-data-gradle-plugin") version "1.12.1"
diff --git a/suppressions.xml b/suppressions.xml
new file mode 100644
index 0000000..20d155c
--- /dev/null
+++ b/suppressions.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress until="2024-09-25Z">
+        <notes><![CDATA[
+   file name: quarkus-update-recipes-1.0.19.jar
+       sev: HIGH
+         reason: False positive. Reference only
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/io\.quarkus/quarkus-update-recipes@.*$</packageUrl>
+        <cpe>cpe:/a:quarkus:quarkus</cpe>
+    </suppress>
+    <suppress until="2024-09-25Z">
+        <notes><![CDATA[
+   file name: testng-7.5.jar
+       sev: HIGH
+         reason: False positive. Reference only
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.testng/testng@.*$</packageUrl>
+        <vulnerabilityName>CVE-2022-4065</vulnerabilityName>
+    </suppress>
+</suppressions>
\ No newline at end of file