update to latest error prone to remove protobuf-java@3.19.2 vulnerability (#613)

natedanner · web-flow · commit 058d2ff66cca · 2024-10-01T16:59:20.000-07:00
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -53,7 +53,7 @@ dependencies {
 
     annotationProcessor("org.openrewrite:rewrite-templating:${rewriteVersion}")
     implementation("org.openrewrite:rewrite-templating:${rewriteVersion}")
-    compileOnly("com.google.errorprone:error_prone_core:2.19.1:with-dependencies") {
+    compileOnly("com.google.errorprone:error_prone_core:2.+:with-dependencies") {
         exclude("com.google.auto.service", "auto-service-annotations")
     }
 
diff --git a/suppressions.xml b/suppressions.xml
@@ -1,3 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress until="2024-11-25Z">
+        <notes><![CDATA[
+                file name: rewrite-testing-frameworks-2.20.0-SNAPSHOT.jar: wiremock-jre8-2.35.0.jar: swagger-ui-bundle.js
+                false positive: js library that is shipped as part of this jar
+            ]]></notes>
+        <packageUrl regex="true">^pkg:javascript/DOMPurify@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-45801</vulnerabilityName>
+    </suppress>
 </suppressions>

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ dependencies {`
`53`	`53`
`54`	`54`	`annotationProcessor("org.openrewrite:rewrite-templating:${rewriteVersion}")`
`55`	`55`	`implementation("org.openrewrite:rewrite-templating:${rewriteVersion}")`
`56`		`- compileOnly("com.google.errorprone:error_prone_core:2.19.1:with-dependencies") {`
	`56`	`+ compileOnly("com.google.errorprone:error_prone_core:2.+:with-dependencies") {`
`57`	`57`	`exclude("com.google.auto.service", "auto-service-annotations")`
`58`	`58`	`}`
`59`	`59`