suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
           file name: netty-transport-classes-epoll-4.1.94.Final.jar
           ]]></notes>
        <cve>CVE-2023-44487</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
           file name: netty-transport-classes-epoll-4.1.94.Final.jar
           ]]></notes>
        <cve>CVE-2023-4586</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
           file name: rewrite-kotlin-1.6.0-SNAPSHOT.jar
           ]]></notes>
        <cve>CVE-2023-30853</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
            file name: jackson-databind-2.15.2.jar
            This is not a really valid CVE and not really exploitable as Java code needs to be modified: https://github.com/FasterXML/jackson-databind/issues/3972
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
        <cve>CVE-2023-35116</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
            file name: jackson-databind-2.15.2.jar
            The CVE https://nvd.nist.gov/vuln/detail/CVE-2019-3826 does not actually pertain to the Micrometer Prometheus client, but Prometheus itself
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/io\.micrometer\.prometheus/prometheus\-rsocket\-client@.*$</packageUrl>
        <cve>CVE-2019-3826</cve>
    </suppress>
    <suppress until="2025-02-03Z">
        <notes><![CDATA[
        file name: reactor-netty-core-1.0.32.jar
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/io\.projectreactor\.netty/reactor\-netty\-core@.*$</packageUrl>
        <cve>CVE-2023-34054</cve>
        <cve>CVE-2023-34062</cve>
    </suppress>
    <suppress until="2025-02-03Z">
        <notes><![CDATA[
        file name: reactor-netty-http-1.0.32.jar
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/io\.projectreactor\.netty/reactor\-netty\-http@.*$</packageUrl>
        <cve>CVE-2023-34054</cve>
        <cve>CVE-2023-34062</cve>
    </suppress>
</suppressions>