forked from openrewrite/rewrite-logging-frameworks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
suppressions.xml
22 lines (22 loc) · 970 Bytes
/
suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress until="2023-01-07Z">
<notes><![CDATA[
file name: woodstox-core-6.3.1.jar
Severity: HIGH
False positive. We do not use woodstox and it will be updated with the next spring cloud
dependencies.
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.woodstox/woodstox\-core@.*$</packageUrl>
<vulnerabilityName>CVE-2022-40152</vulnerabilityName>
</suppress>
<suppress until="2023-01-07Z">
<notes><![CDATA[
file name: snakeyaml-1.33.jar
Severity: HIGH
False positive: We are not parsing untrusted user input. Not used in this repository.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
<cve>CVE-2022-1471</cve>
</suppress>
</suppressions>