Closed FloTank closed 9 months ago
Sadly, there is little we can do about this on our end realistically. Changing the name of coordinates isn't a proper solution, nor is bumping the project version.
This issue was known on the pre-forked library issues, so remember I left it open on purpose so it would serve as documentation for people that want to know how to suppress this false positive. https://github.com/twitter/compose-rules/issues/73
This is the suppression code that was referenced there:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
        Wrong detection of core-ktlint library, see: https://github.com/twitter/compose-rules/issues/73
        ]]></notes>
        <sha1>8b163196c50e68a62e3b5bb910a99e8415889654</sha1>
        <cve>CVE-2019-1010260</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        Wrong detection of ktlint ruleset library, see: https://github.com/twitter/compose-rules/issues/73
        ]]></notes>
        <sha1>de64d1b35289d73edac35724941de3099193f782</sha1>
        <cve>CVE-2019-1010260</cve>
    </suppress>
</suppressions>
```
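An added example (not code from this thread, compose-rules or Dependency-Check): the suppression above is pinned by `<sha1>`, so it covers only that exact jar, and this check reports which current artifacts a suppression file still covers for a CVE and which pins have gone stale. The function names, jar bytes and sample file are constructed for illustration; only the namespace and CVE id come from the page.

```python
import hashlib
import xml.etree.ElementTree as ET

# Namespace taken from the suppression file on this page.
NS = {"s": "https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"}


def load_suppressions(xml_text):
    """Return {sha1: set(CVE ids)} for every sha1-pinned <suppress> entry."""
    pinned = {}
    for entry in ET.fromstring(xml_text).findall("s:suppress", NS):
        sha1 = entry.findtext("s:sha1", default="", namespaces=NS).strip().lower()
        cves = {c.text.strip() for c in entry.findall("s:cve", NS) if c.text}
        if sha1:
            pinned.setdefault(sha1, set()).update(cves)
    return pinned


def audit(pinned, artifacts, cve):
    """Split artifacts into covered/uncovered for `cve`, and list stale pins.

    artifacts: {name: jar bytes}. A pin is stale when no current artifact
    has that SHA-1, for example after a dependency upgrade.
    """
    digests = {name: hashlib.sha1(data).hexdigest() for name, data in artifacts.items()}
    covered = sorted(n for n, d in digests.items() if cve in pinned.get(d, set()))
    uncovered = sorted(set(digests) - set(covered))
    stale = sorted(set(pinned) - set(digests.values()))
    return covered, uncovered, stale


# Constructed sample data: stand-in bytes for two jar versions, not real artifacts.
OLD_JAR = b"constructed core-ktlint jar, old version"
NEW_JAR = b"constructed core-ktlint jar, new version"

SAMPLE_XML = f"""<suppressions xmlns="{NS['s']}">
  <suppress>
    <notes><![CDATA[constructed entry]]></notes>
    <sha1>{hashlib.sha1(OLD_JAR).hexdigest()}</sha1>
    <cve>CVE-2019-1010260</cve>
  </suppress>
</suppressions>"""

if __name__ == "__main__":
    pins = load_suppressions(SAMPLE_XML)
    print(audit(pins, {"core-ktlint.jar": OLD_JAR}, "CVE-2019-1010260"))
    print(audit(pins, {"core-ktlint.jar": NEW_JAR}, "CVE-2019-1010260"))
```

An uncovered artifact after an upgrade means the false positive will be reported again until the new jar is reviewed and its own SHA-1 is added; stale pins can then be deleted.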
NVD is failing because it's confusing the core-ktlint package with the ktlint-core package of the 0.30.0 version of the pinterest ktlint library https://github.com/pinterest/ktlint/tree/0.30.0/ktlint-core
OWASP-Dependency-Check is striking your library because of that.
This is the issue your library is now being referenced to: https://nvd.nist.gov/vuln/detail/CVE-2019-1010260