dependency-check-suppression.xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!--
  Suppresses CVE-2025-54988 and CVE-2025-66516 for the Maven package
  org.apache.tika:tika-core, on the grounds given in the notes below.
  Scope: the packageUrl regex ends in "@.*", so it matches every tika-core
  version, not only the 2.9.4 jar named in the notes. Only the two listed
  CVE ids are hidden; any other finding on tika-core is still reported.
  NOTE(review): the justification is "dev-only transitive of
  allure-commandline". The jar still runs wherever that tool runs (presumably
  developer machines and CI; confirm), so this lowers exposure rather than
  removing it. Re-check if tika-core ever becomes a runtime dependency.
  NOTE(review): the rule carries no "until" expiry attribute. Consider adding
  one, or pinning the version in the regex, so the decision is revisited
  when the dependency changes.
-->
<suppress>
<notes><![CDATA[
file name: tika-core-2.9.4.jar
This is a transitive dependency of allure-commandline (devDependency).
It is not used in production or in the final application bundle.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.tika/tika-core@.*$</packageUrl>
<cve>CVE-2025-54988</cve>
<cve>CVE-2025-66516</cve>
</suppress>
<!--
  Bulk suppression for twelve npm packages (axios, ejs, glob,
  html-minifier-terser, immutable, ip, minimatch, pbkdf2, react-router,
  rollup, tar-fs, validate.js) and eighteen advisory ids.
  Scope: the two regexes are independent. Any id in the vulnerabilityName
  list is hidden on any package in the packageUrl list, and the trailing
  "@.*" covers every version of each package. The rule is therefore wider
  than a list of (package, advisory) pairs would be.
  NOTE(review): the notes do not say which advisory belongs to which package,
  nor which packages are dev-only and which are pinned/overridden. Recording
  that mapping, or splitting this into one rule per package, would make each
  decision auditable.
  NOTE(review): some of these names (for example axios and react-router) are
  commonly runtime dependencies. Confirm each one is really dev-only or
  overridden to a fixed version before relying on this rule.
  NOTE(review): the rule defers to audit-ci / osv-scanner, whose configuration
  is not visible in this file. Verify those tools still cover every id
  listed here, otherwise the finding is silenced in all scanners.
  NOTE(review): the rule carries no "until" expiry attribute. Consider adding
  one so the list is re-reviewed periodically.
-->
<suppress>
<notes><![CDATA[
Suppressing dev-tooling and transitives already handled in audit-ci/osv-scanner.
These are either dev-only (allure, jest, webpack) or pinned/overridden.
]]></notes>
<packageUrl regex="true">^pkg:npm/(axios|ejs|glob|html-minifier-terser|immutable|ip|minimatch|pbkdf2|react-router|rollup|tar-fs|validate\.js)@.*$</packageUrl>
<vulnerabilityName regex="true">^(GHSA-43fc-jf86-j433|CVE-2023-29827|GHSA-5j98-mcp5-4vw2|CVE-2022-37620|GHSA-wf6x-7x77-mvgw|GHSA-2p57-rm9w-gvfp|GHSA-3ppc-4f35-3m26|GHSA-23c5-xmqv-rm74|GHSA-7r86-cg39-jmmj|GHSA-h7cp-r72f-jxh6|GHSA-v62p-rq8g-8h59|GHSA-2w69-qvjg-hvjx|GHSA-8v8x-cx79-35w7|GHSA-3cgp-3xvw-98x8|GHSA-mw96-cpmx-2vgc|GHSA-vj76-c3g6-qr5v|CVE-2020-26308|GHSA-rv73-9c8w-jp4c)$</vulnerabilityName>
</suppress>
</suppressions>