From 14ca0888bb97a04bf9fa92509d5c4f77c716ecfb Mon Sep 17 00:00:00 2001
From: Kishan Sairam Adapa
Date: Thu, 29 Feb 2024 17:47:54 +0530
Subject: [PATCH 1/2] update pinot tools to 1.0
---
 view-creator-framework/build.gradle.kts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/view-creator-framework/build.gradle.kts b/view-creator-framework/build.gradle.kts
index 18d9199..5d871e7 100644
--- a/view-creator-framework/build.gradle.kts
+++ b/view-creator-framework/build.gradle.kts
@@ -17,7 +17,7 @@ dependencies {
 api("org.apache.commons:commons-compress:1.26.0") {
 because("https://www.tenable.com/cve/CVE-2024-25710")
 }
- implementation("org.apache.pinot:pinot-tools:0.12.1") {
+ implementation("org.apache.pinot:pinot-tools:1.0.0") {
 // All these third party libraries are not used in view creation workflow.
 // They bring in lot of vulnerabilities (snyk). so, excluding unused libs
 exclude("com.google.protobuf", "protobuf-java")
From f31e32d7024184646288cea72beac65a63f2e170 Mon Sep 17 00:00:00 2001
From: kishansairam9
Date: Thu, 29 Feb 2024 17:49:04 +0530
Subject: [PATCH 2/2] update supressions
---
 owasp-suppressions.xml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
index d2e529a..306a247 100644
--- a/owasp-suppressions.xml
+++ b/owasp-suppressions.xml
@@ -56,12 +56,4 @@ CVE-2018-11770 CVE-2018-17190 - - - ^pkg:maven/commons\-httpclient/commons\-httpclient@.*$ - CVE-2012-5783 - CVE-2020-13956 -
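Review bot: The exclude list under `implementation("org.apache.pinot:pinot-tools:1.0.0")` in view-creator-framework/build.gradle.kts was presumably written against the 0.12.1 transitive graph, and this hunk changes the version without touching it. A major-version jump can pull in new unused libraries that nothing excludes, and can leave excludes that no longer match anything. The list continues past the end of the hunk, so it cannot be checked from here. Comparing `gradle dependencies --configuration runtimeClasspath` output before and after the bump, and re-running the OWASP dependency check, would confirm it still does what its comment says. It would also help to record why the upgrade was made, the way the commons-compress entry above does, e.g. `because("<advisory or scanner finding that motivated the upgrade>")`.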