allow-list.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
        Testing false positive, transitive dependency from mockserver-netty
        ]]></notes>
        <gav>org.apache.commons:commons-text:1.9</gav>
        <cve>CVE-2022-42889</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        No fix available
        ]]></notes>
        <gav>org.yaml:snakeyaml:1.30</gav>
        <cve>CVE-2022-25857</cve>
        <cve>CVE-2022-38751</cve>
        <cve>CVE-2022-38749</cve>
        <cve>CVE-2022-38752</cve>
        <cve>CVE-2022-41854</cve>
        <cve>CVE-2022-38750</cve>
        <cve>CVE-2022-1471</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        No fix available
        ]]></notes>
        <gav>org.yaml:snakeyaml:1.31</gav>
        <cve>CVE-2022-38751</cve>
        <cve>CVE-2022-38752</cve>
        <cve>CVE-2022-41854</cve>
        <cve>CVE-2022-1471</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        Testing false positives by suppressing a CVE
        https://github.com/jeremylong/DependencyCheck/issues/4528 (Do not use deprecated method)
        ]]></notes>
        <gav>org.springframework.security:spring-security-crypto:5.7.5</gav>
        <cve>CVE-2020-5408</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        Testing false positives by suppressing a CVE
        https://github.com/spring-projects/spring-framework/issues/24434 (Do not expose HttpInvoker)
        ]]></notes>
        <gav>org.springframework:spring-web:5.3.24</gav>
        <cve>CVE-2016-1000027</cve>
    </suppress>
</suppressions>