-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathgradle-suppressions.xml
More file actions
20 lines (19 loc) · 904 Bytes
/
gradle-suppressions.xml
File metadata and controls
20 lines (19 loc) · 904 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
cpe:finos:gitproxy matches all git-proxy-java-* jars due to shared Maven groupId/artifactId.
These CVEs are for the Node.js git-proxy (parsePush.ts) and do not apply to this Java project.
]]></notes>
<cpe>cpe:/a:finos:gitproxy</cpe>
</suppress>
<suppress>
<notes><![CDATA[
CVE-2018-14335 affects H2 through 1.4.197 only. We are on 2.x which is not vulnerable.
dep-check matches on package name without respecting the fixed version ceiling.
https://nvd.nist.gov/vuln/detail/CVE-2018-14335
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
<cve>CVE-2018-14335</cve>
</suppress>
</suppressions>