remove snakeyaml exclude
This commit is contained in:
parent
f29dc80074
commit
bdcde1519b
@ -49,17 +49,4 @@
|
|||||||
<packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
|
<packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
|
||||||
<cpe>cpe:/a:line:line</cpe>
|
<cpe>cpe:/a:line:line</cpe>
|
||||||
</suppress>
|
</suppress>
|
||||||
<suppress>
|
|
||||||
<notes><![CDATA[
|
|
||||||
Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
|
|
||||||
which contains this vulnerability.
|
|
||||||
|
|
||||||
We've explicitly bumped to 2.2, but the vulnerability checker does not seem to notice that.
|
|
||||||
|
|
||||||
TODO: Remove this suppression once we are on SpringBoot 3.2,
|
|
||||||
as well as the explicit version bump and the transient dependency exclude.
|
|
||||||
]]></notes>
|
|
||||||
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
|
|
||||||
<cve>CVE-2022-1471</cve>
|
|
||||||
</suppress>
|
|
||||||
</suppressions>
|
</suppressions>
|
||||||
|
Loading…
Reference in New Issue
Block a user