hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

spring-boot-3-2-upgrade #32

Merged
hsh-michaelhoennig merged 18 commits from spring-boot-3-2-upgrade into master 2024-04-02 13:24:25 +02:00
Conversation 0 Commits 18 Files Changed 25 -13
1 changed files with 0 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit bdcde1519b - Show all commits

13
etc/owasp-dependency-check-suppression.xml
View File

@ -49,17 +49,4 @@
<packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl> <packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
<cpe>cpe:/a:line:line</cpe> <cpe>cpe:/a:line:line</cpe>
</suppress> </suppress>
<suppress>
<notes><![CDATA[
Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
which contains this vulnerability.
We've explicitly bumped to 2.2, but the vulnerability checker does not seem to notice that.
TODO: Remove this suppression once we are on SpringBoot 3.2,
as well as the explicit version bump and the transient dependency exclude.
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
<cve>CVE-2022-1471</cve>
</suppress>
</suppressions> </suppressions>