spring-boot-3-2-upgrade #32
@ -49,17 +49,4 @@
|
||||
<packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
|
||||
<cpe>cpe:/a:line:line</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes><![CDATA[
|
||||
Spring Boot 3.1.x has a transient dependency to snakeyaml 1.3
|
||||
which contains this vulnerability.
|
||||
|
||||
We've explicitly bumped to 2.2, but the vulnerability checker does not seem to notice that.
|
||||
|
||||
TODO: Remove this suppression once we are on SpringBoot 3.2,
|
||||
as well as the explicit version bump and the transient dependency exclude.
|
||||
]]></notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
|
||||
<cve>CVE-2022-1471</cve>
|
||||
</suppress>
|
||||
</suppressions>
|
||||
|
Loading…
Reference in New Issue
Block a user