dependency-suppressions.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2022 IBM All Rights Reserved.
~
~ SPDX-License-Identifier: Apache-2.0
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!--
Suppression list in the OWASP Dependency-Check suppression format (schema 1.3).
Each <suppress> entry hides one CVE from the scan report. Where a <packageUrl>
regex is present, the entry applies only to dependencies whose package URL
matches it. The <notes> text records why the finding was judged not applicable.
Every packageUrl below ends in "@.*$", so it matches all versions of the
artifact and the entry stays in force across upgrades. No entry carries an
"until" expiry attribute, so each justification has to be re-checked by hand
when the dependency or the CVE record changes.
-->
<!-- Scoped to the fabric-sdk-java Maven artifact, any version. -->
<suppress>
<notes><![CDATA[
Vulnerability in core Fabric Go implementation, not the Java SDK
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.hyperledger\.fabric\-sdk\-java/fabric\-sdk\-java@.*$</packageUrl>
<cve>CVE-2022-36023</cve>
</suppress>
<!--
Scoped to the OpenTelemetry gRPC 1.6 instrumentation artifact, any version.
This entry and the next two that share its packageUrl differ only in the CVE
they suppress.
-->
<suppress>
<notes><![CDATA[
Vulnerability in C++ gRPC implementation
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.opentelemetry\.instrumentation/opentelemetry\-grpc\-1\.6@.*$</packageUrl>
<cve>CVE-2023-33953</cve>
</suppress>
<!-- Same artifact scope as the previous entry, different CVE. -->
<suppress>
<notes><![CDATA[
Vulnerability in C++ gRPC implementation
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.opentelemetry\.instrumentation/opentelemetry\-grpc\-1\.6@.*$</packageUrl>
<cve>CVE-2023-32732</cve>
</suppress>
<!--
Scoped to com.ibm.cloud artifacts named "cloudant" or "cloudant-common" (the
optional "(-common)?" group), any version.
-->
<suppress>
<notes><![CDATA[
Vulnerability in CouchDB itself, not cloudant client API
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.ibm\.cloud/cloudant(-common)?@.*$</packageUrl>
<cve>CVE-2023-26268</cve>
</suppress>
<!-- Same OpenTelemetry gRPC 1.6 instrumentation scope as above, different CVE. -->
<suppress>
<notes><![CDATA[
gRPC Java is not affected by this vulnerability; only gRPC C++, Python and Ruby
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.opentelemetry\.instrumentation/opentelemetry\-grpc\-1\.6@.*$</packageUrl>
<cve>CVE-2023-4785</cve>
</suppress>
<!--
NOTE(review): this entry has no packageUrl or other dependency selector, so it
suppresses CVE-2023-44487 for every dependency in the scan, not only the
artifact that raised the finding. The note makes the judgement conditional on
client-only use and on the Netty version in use. As written, the suppression
would keep hiding the finding if an affected server-side component were added
later. Consider scoping it with a packageUrl for the artifact(s) that triggered
the report, and confirm the resolved Netty version.
-->
<suppress>
<notes><![CDATA[
CVE relates to attack on gRPC servers (not clients) and is dependent on the Netty version used
]]></notes>
<cve>CVE-2023-44487</cve>
</suppress>
</suppressions>