suppress spring-data-mongodb vulnerability. We need the classes there…

… to migrate away from it. (#591)
openrewrite · Sep 10, 2024 · ed574ff · ed574ff
1 parent 4612580
commit ed574ff
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/suppressions.xml b/suppressions.xml
@@ -1,3 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes><![CDATA[
+   file name: spring-data-mongodb-2.2.12.RELEASE.jar
+   ]]>
+        These are required to be able to migrate away from the vulnerable dependencies
+        </notes>
+        <packageUrl regex="true">^pkg:maven/org\.springframework\.data/spring-data-mongodb@.*$</packageUrl>
+        <cve>CVE-2022-22980</cve>
+    </suppress>
 </suppressions>