Suppressing CVEs (#2396)

ministryofjustice · Oct 17, 2023 · 8cbd853 · 8cbd853
1 parent a19b808
commit 8cbd853
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/projects/person-search-index-from-delius/.trivyignore b/projects/person-search-index-from-delius/.trivyignore
@@ -10,9 +10,11 @@ CVE-2022-25647
 
 # Reason: snappy compression only used for trusted inputs
 # Package: org.xerial.snappy:snappy-java:1.1.0.1
+# Package: org.xerial.snappy:snappy-java:1.1.10.1
 CVE-2023-34455
 CVE-2023-34454
 CVE-2023-34453
+CVE-2023-43642
 
 # Reason: No unauthorized access to local temporary filesystem
 # Package: com.google.guava:guava:18.0
@@ -26,4 +28,18 @@ CVE-2021-37714
 # Package: org.apache.maven:maven-compat:3.3.9
 CVE-2021-26291
 
+# Reason: No parsing of untrusted uri
+# Package: uri:0.11.0
+CVE-2023-28755
 
+# Reason: No parsing of untrusted time
+# Package: time:0.1.0
+CVE-2023-28756
+
+# Reason: No parsing of untrusted uri
+# Package: org.codehaus.plexus:plexus-utils:3.0.22
+CVE-2022-4244
+
+# Reason: No parsing of untrusted data
+# Package: org.apache.avro:avro:1.11.1
+CVE-2023-39410