update to latest error prone to remove protobuf-java@3.19.2 vulnerabi…

…lity (#613)
openrewrite · Oct 1, 2024 · 058d2ff · 058d2ff
1 parent cb2af2c
commit 058d2ff
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -53,7 +53,7 @@ dependencies {
 
     annotationProcessor("org.openrewrite:rewrite-templating:${rewriteVersion}")
     implementation("org.openrewrite:rewrite-templating:${rewriteVersion}")
-    compileOnly("com.google.errorprone:error_prone_core:2.19.1:with-dependencies") {
+    compileOnly("com.google.errorprone:error_prone_core:2.+:with-dependencies") {
         exclude("com.google.auto.service", "auto-service-annotations")
     }
 

diff --git a/suppressions.xml b/suppressions.xml
@@ -1,3 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress until="2024-11-25Z">
+        <notes><![CDATA[
+                file name: rewrite-testing-frameworks-2.20.0-SNAPSHOT.jar: wiremock-jre8-2.35.0.jar: swagger-ui-bundle.js
+                false positive: js library that is shipped as part of this jar
+            ]]></notes>
+        <packageUrl regex="true">^pkg:javascript/DOMPurify@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-45801</vulnerabilityName>
+    </suppress>
 </suppressions>