Merge pull request #36 from openrewrite/chore/depedency-vulnerabilities

chore: update suppression & resolve latest commons-compress

build.gradle.kts

@@ -117,11 +117,19 @@ repositories {
 
 configurations.all {
     resolutionStrategy {
+        eachDependency {
+            if (requested.group == "org.apache.commons"
+                && requested.name == "commons-compress"
+                && requested.version.toString().startsWith("1.25")
+            ) {
+                useVersion("1.26.0")
+            }
+        }
         cacheChangingModulesFor(0, TimeUnit.SECONDS)
         cacheDynamicVersionsFor(0, TimeUnit.SECONDS)
-        if(name.startsWith("test")) {
+        if (name.startsWith("test")) {
             eachDependency {
-                if(requested.name == "groovy-xml") {
+                if (requested.name == "groovy-xml") {
                     useVersion("3.0.9")
                 }
             }

suppressions.xml

@@ -75,7 +75,7 @@
         <cve>CVE-2023-44387</cve>
         <cve>CVE-2023-49238</cve>
     </suppress>
-    <suppress until="2024-02-28Z">
+    <suppress until="2024-03-28Z">
         <notes><![CDATA[
         file name: spring-asm-3.1.3.RELEASE.jar
         ]]></notes>
@@ -100,7 +100,7 @@
         <cve>CVE-2014-3625</cve>
         <cve>CVE-2014-1904</cve>
     </suppress>
-    <suppress until="2024-02-28Z">
+    <suppress until="2024-03-28Z">
         <notes><![CDATA[
         file name: spring-core-3.1.3.RELEASE.jar
         ]]></notes>
@@ -125,7 +125,7 @@
         <cve>CVE-2014-3625</cve>
         <cve>CVE-2014-1904</cve>
     </suppress>
-    <suppress until="2024-02-28Z">
+    <suppress until="2024-03-28Z">
         <notes><![CDATA[
            sev: HIGH
            file name: plexus-interpolation-1.14.jar
@@ -135,7 +135,7 @@
         <cve>CVE-2022-4244</cve>
         <cve>CVE-2022-4245</cve>
     </suppress>
-    <suppress until="2024-02-28Z">
+    <suppress until="2024-03-28Z">
         <notes><![CDATA[
         sev: HIGH
         file name: plexus-component-annotations-1.5.5.jar