Merge pull request #237 from haileyajohnson/cve-suppress

suppress false positive CVE for commons-io

Author: oxelson

project-files/owasp-dependency-check/dependency-check-suppression.xml

@@ -101,4 +101,12 @@
     <cve>CVE-2022-23221</cve>
     <cwe>94</cwe>
   </suppress>
+  <suppress>
+  <notes><![CDATA[
+      file name: commons-io-1.3.2.jar
+      reason: We do not use the vulnerable function (FileNameUtils.normalize)
+    ]]></notes>
+  <packageUrl regex="true">^pkg:maven/commons-io/commons-io@.*$</packageUrl>
+  <cve>CVE-2021-29425</cve>
+  </suppress>
 </suppressions>