From 0b0b9b8ef097ca960c63e68e740ed583126d3ba6 Mon Sep 17 00:00:00 2001
From: "nikita.smirnov"
Date: Mon, 29 Apr 2024 12:12:51 +0400
Subject: [PATCH] Avoided vulnerabilities

---
 build.gradle | 11 +++++++++--
 supressions.xml | 10 ++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 supressions.xml

diff --git a/build.gradle b/build.gradle
index 5768375..f66f236 100644
--- a/build.gradle
+++ b/build.gradle
@@ -3,7 +3,6 @@ plugins {
 id("java-library")
 id("maven-publish")
- id "com.exactpro.th2.gradle.base" version "0.0.6"
 id "com.exactpro.th2.gradle.publish" version "0.0.6"
 id "me.champeau.jmh" version "0.7.2"
@@ -39,7 +38,11 @@ dependencies {
 implementation "jakarta.xml.bind:jakarta.xml.bind-api:4.0.2"
- implementation 'org.apache.avro:avro:1.11.3'
+ implementation'org.apache.avro:avro:1.11.3'
+ implementation('org.apache.commons:commons-compress:1.26.1') {
+ because("commons-compress:1.22 transitive dependency of avro:1.11.3 has vulnerabilities")
+ }
+ implementation 'commons-io:commons-io'
 implementation "io.github.microutils:kotlin-logging:3.0.5"
@@ -63,4 +66,8 @@ test {
 jmh {
 //profilers = ['stack'] // Use profilers to collect additional data. Supported profilers: [cl, comp, gc, stack, perf, perfnorm, perfasm, xperf, xperfasm, hs_cl, hs_comp, hs_gc, hs_rt, hs_thr, async]
+}
+
+dependencyCheck {
+ suppressionFile='supressions.xml'
 }
\ No newline at end of file
diff --git a/supressions.xml b/supressions.xml
new file mode 100644
index 0000000..0c032ab
--- /dev/null
+++ b/supressions.xml
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+ ^pkg:maven/com\.exactpro\.th2/grpc-.*@.*$
+ cpe:/a:grpc:grpc
+
+
\ No newline at end of file
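Review bot: Pinning commons-compress by adding it as a direct `implementation` dependency makes this library a declared consumer of commons-compress instead of merely constraining the version that avro pulls in; since the build applies `java-library` and `maven-publish`, the published POM will presumably list it as a dependency of its own, which is broader than the stated intent in `because(...)`. A Gradle dependency constraint expresses the same override without introducing a new direct dependency, and the `because()` text should name the advisories being addressed rather than just "has vulnerabilities" so the override can be audited and retired once avro moves past 1.22. The new `implementation'org.apache.avro:avro:1.11.3'` line also drops the space after `implementation`, unlike every neighbouring line; restore it as `implementation 'org.apache.avro:avro:1.11.3'`. Gradle's default conflict resolution should already select 1.26.1 over the transitive 1.22, so this is about how the override is declared, not whether it takes effect. The `dependencies {}` block starts and ends outside the hunk.
```groovy
    implementation 'org.apache.avro:avro:1.11.3'
    constraints {
        implementation('org.apache.commons:commons-compress:1.26.1') {
            // Forces the version avro:1.11.3 pulls in transitively; name the advisories here.
            because("commons-compress:1.22 transitive dependency of avro:1.11.3 has vulnerabilities")
        }
    }
    // … unchanged: remaining dependencies …
```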
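Review bot: The new `dependencyCheck { suppressionFile='supressions.xml' }` block configures an extension whose provider the first hunk may have just removed: `com.exactpro.th2.gradle.base` is dropped from `plugins {}` and no remaining visible plugin line applies the OWASP dependency-check plugin, so unless `com.exactpro.th2.gradle.publish` (or something outside the hunk) applies it, Gradle will fail on an unknown `dependencyCheck` extension — worth confirming with a clean build, and the commit message gives no reason for removing the base plugin. The file name `supressions.xml` is misspelled; it matches the file created in this commit so it resolves, but `suppressionFile = 'suppressions.xml'` (with the file renamed) would avoid carrying the typo into every future reference and would read consistently with the `suppressionFile` property. The closing `}` still ends the file without a trailing newline. The `jmh {}` block starts outside the hunk.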
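Review bot: The suppression matches `^pkg:maven/com\.exactpro\.th2/grpc-.*@.*$`, i.e. every com.exactpro.th2 `grpc-*` artifact at every version, and silences `cpe:/a:grpc:grpc` for all of them indefinitely; if any of those artifacts ever bundles or shades grpc itself, real findings against it would be hidden as well. Add a `<notes>` element stating why the CPE match is a false positive (presumably these are th2 artifacts whose name merely starts with `grpc-`) and consider an `until="YYYY-MM-DD"` attribute on the `<suppress>` element so the suppression is re-reviewed rather than permanent. The element names are not visible in this rendering of the hunk, so whether `<notes>` is already present cannot be confirmed from here; the regex and CPE lines are the only content that survived.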