suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions
        xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

    <suppress>
        <notes>3 false posiitives regarding the spring RCE CVE, that do not apply due to overridden spring deps</notes>
        <filePath regex="true">.*\bspring-[hateoas|plugin\-core|retry].*\b</filePath>
        <cve>CVE-2022-22965</cve>
    </suppress>

    <suppress>
        <notes>Deserialization issue that spring cannot fix. No mitigation before spring 6</notes>
        <cve>CVE-2016-1000027</cve>
    </suppress>

    <suppress>
        <notes>Snakeyaml deserialization issue that spring cannot fix.</notes>
        <cve>CVE-2022-1471</cve>
        <cve>CVE-2022-25857</cve>
        <cve>CVE-2022-38749</cve>
        <cve>CVE-2022-38751</cve>
        <cve>CVE-2022-38752</cve>
        <cve>CVE-2022-41854</cve>
        <cve>CVE-2022-38750</cve>
    </suppress>

</suppressions>