[struts-examples] branch master updated: Suppresses Quarkus dependencies

Sun, 20 Dec 2020 22:44:37 -0800 

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git


The following commit(s) were added to refs/heads/master by this push:
     new f1c8302  Suppresses Quarkus dependencies
f1c8302 is described below

commit f1c8302146f72ed4c6cadaab9f934824086041e9
Author: Lukasz Lenart <lukaszlen...@apache.org>
AuthorDate: Mon Dec 21 07:44:12 2020 +0100

    Suppresses Quarkus dependencies
---
 src/etc/project-suppression.xml | 47 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index d26cabc..413495e 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml
@@ -208,4 +208,51 @@
         <packageUrl 
regex="true">^pkg:maven/org\.apache\.struts/struts\-core@.*$</packageUrl>
         <vulnerabilityName>CVE-2015-2992</vulnerabilityName>
     </suppress>
+    <!-- quarkus, see: 
https://github.com/quarkusio/quarkus/issues/2611#issuecomment-553409186 -->
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-jdbc-postgresql to 
postgresql
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-jdbc-postgresql:.*$</gav>
+        <cpe>cpe:/a:postgresql:postgresql</cpe>
+    </suppress>
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-resteasy to 
resteasy
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-resteasy.*:.*$</gav>
+        <cpe>cpe:/a:redhat:resteasy</cpe>
+    </suppress>
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-undertow to 
undertow
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-undertow.*:.*$</gav>
+        <cpe>cpe:/a:redhat:undertow</cpe>
+    </suppress>
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-swagger-ui to 
swagger_project:swagger-ui
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-swagger-ui.*:.*$</gav>
+        <cpe>cpe:/a:swagger_project:swagger-ui</cpe>
+    </suppress>
+    <suppress>
+        <notes>
+            <![CDATA[
+                Suppress the false positive CPE for quarkus-netty to netty
+            ]]>
+        </notes>
+        <gav regex="true">^io\.quarkus:quarkus-netty.*:.*$</gav>
+        <cpe>cpe:/a:netty:netty</cpe>
+    </suppress>
+    <!-- quarkus -->
 </suppressions>
\ No newline at end of file

Reply via email to