forked from openrewrite/rewrite-spring
-
Notifications
You must be signed in to change notification settings - Fork 0
/
suppressions.xml
20 lines (20 loc) · 955 Bytes
/
suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: spring-data-mongodb-2.2.12.RELEASE.jar
]]>
These are required to be able to migrate away from the vulnerable dependencies
</notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.data/spring-data-mongodb@.*$</packageUrl>
<cve>CVE-2022-22980</cve>
</suppress>
<suppress until="2024-11-25Z">
<notes><![CDATA[
file name: rewrite-testing-frameworks-2.20.0-SNAPSHOT.jar: wiremock-jre8-2.35.0.jar: swagger-ui-bundle.js
false positive: js library that is shipped as part of this jar
]]></notes>
<packageUrl regex="true">^pkg:javascript/DOMPurify@.*$</packageUrl>
<vulnerabilityName>CVE-2024-45801</vulnerabilityName>
</suppress>
</suppressions>