From ed574ffdbef5746b510eb5ada099fcbf33e8f5a7 Mon Sep 17 00:00:00 2001
From: Peter Streef <p.streef@gmail.com>
Date: Tue, 10 Sep 2024 12:08:56 +0200
Subject: [PATCH] suppress spring-data-mongodb vulnerability. We need the
 classes there to migrate away from it. (#591)

---
 suppressions.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/suppressions.xml b/suppressions.xml
index fbf9371b9..5b50acf91 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -1,3 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes><![CDATA[
+   file name: spring-data-mongodb-2.2.12.RELEASE.jar
+   ]]>
+        These are required to be able to migrate away from the vulnerable dependencies
+        </notes>
+        <packageUrl regex="true">^pkg:maven/org\.springframework\.data/spring-data-mongodb@.*$</packageUrl>
+        <cve>CVE-2022-22980</cve>
+    </suppress>
 </suppressions>