Avoided vulnerabilities

build.gradle

@@ -3,7 +3,6 @@ plugins {
     id("java-library")
     id("maven-publish")
 
-    id "com.exactpro.th2.gradle.base" version "0.0.6"
     id "com.exactpro.th2.gradle.publish" version "0.0.6"
 
     id "me.champeau.jmh" version "0.7.2"
@@ -39,7 +38,11 @@ dependencies {
     implementation "jakarta.xml.bind:jakarta.xml.bind-api:4.0.2"
 
 
-    implementation 'org.apache.avro:avro:1.11.3'
+    implementation'org.apache.avro:avro:1.11.3'
+    implementation('org.apache.commons:commons-compress:1.26.1') {
+        because("commons-compress:1.22 transitive dependency of avro:1.11.3 has vulnerabilities")
+    }
+
     implementation 'commons-io:commons-io'
 
     implementation "io.github.microutils:kotlin-logging:3.0.5"
@@ -63,4 +66,8 @@ test {
 
 jmh {
     //profilers = ['stack'] // Use profilers to collect additional data. Supported profilers: [cl, comp, gc, stack, perf, perfnorm, perfasm, xperf, xperfasm, hs_cl, hs_comp, hs_gc, hs_rt, hs_thr, async]
+}
+
+dependencyCheck {
+    suppressionFile='supressions.xml'
 }

supressions.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- FIXME: find out approach to solve problem when any artifact with grpc word in name is marked as cpe:/a:grpc:grpc -->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress base="true">
+        <notes><![CDATA[FP per issue https://github.com/jeremylong/DependencyCheck/issues/2995]]>
+        </notes>
+        <packageUrl regex="true">^pkg:maven/com\.exactpro\.th2/grpc-.*@.*$</packageUrl>
+        <cpe>cpe:/a:grpc:grpc</cpe>
+    </suppress>
+</suppressions>