From 14a48ce9ea3fe0acb15d22275a90973e5a269bd6 Mon Sep 17 00:00:00 2001 From: Nate Danner Date: Tue, 1 Oct 2024 16:33:59 -0700 Subject: [PATCH] update to latest error prone to remove protobuf-java@3.19.2 vulnerability (#597) --- build.gradle.kts | 2 +- suppressions.xml | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index d99348007..f2c78b677 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -141,7 +141,7 @@ dependencies { runtimeOnly("org.openrewrite.recipe:rewrite-testing-frameworks:$rewriteVersion") annotationProcessor("org.openrewrite:rewrite-templating:$rewriteVersion") - compileOnly("com.google.errorprone:error_prone_core:2.19.1") { + compileOnly("com.google.errorprone:error_prone_core:2.+") { exclude("com.google.auto.service", "auto-service-annotations") } implementation("org.mongodb:mongo-java-driver:3.12.+") diff --git a/suppressions.xml b/suppressions.xml index 5b50acf91..8b710d7c5 100644 --- a/suppressions.xml +++ b/suppressions.xml @@ -9,4 +9,12 @@ ^pkg:maven/org\.springframework\.data/spring-data-mongodb@.*$ CVE-2022-22980 + + + ^pkg:javascript/DOMPurify@.*$ + CVE-2024-45801 +