nvd_suppressions.xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!-- This is an automatically generated config file by nvd-clojure. -->
<!-- Feel free to tweak it, version-control it and remove any comment. -->
<!-- You can find suppression examples in https://jeremylong.github.io/DependencyCheck/general/suppression.html -->
<!-- Each <suppress> element below hides scanner findings for the dependency it matches.
A rule that names one CVE, one version and an expiry date keeps later advisories visible;
a rule that omits any of those keeps hiding findings after the original reason has gone. -->
<!-- We're suppressing these as there are no replacements. It's a ticking time bomb that will eventually fail builds. -->
<!-- Rule 1: hides only CVE-2024-22871 for org.clojure/clojure. The until attribute gives the rule
an expiry date (2026-01-01), after which the finding is reported again and has to be re-evaluated.
The packageUrl regex ends in @.*$, so the rule applies to every Clojure version, not only the
1.11.1 jar named in the notes. NOTE(review): re-check the advisory for a fixed release before
extending the date. -->
<suppress until="2026-01-01">
<notes><![CDATA[
file name: clojure-1.11.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.clojure/clojure@.*$</packageUrl>
<cve>CVE-2024-22871</cve>
</suppress>
<!-- Rule 2: hides CVE-2025-48976 for commons-fileupload2-core.
NOTE(review): the false-positive reasoning given inside this rule holds only for 2.0.0-M4, but the
regex ends in @.*$ and there is no until attribute, so the CVE stays hidden on any other version
(including an accidental downgrade) and the rule never expires. Consider pinning the version, e.g.
^pkg:maven/org\.apache\.commons/commons-fileupload2-core@2\.0\.0-M4$, or adding an until date. -->
<suppress>
<!-- https://nvd.nist.gov/vuln/detail/CVE-2025-48976 recommends upgrading to 2.0.0-M4 which
we already have, so I feel this result is a false positive. -->
<notes><![CDATA[
file name: commons-fileupload2-core-2.0.0-M4.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$</packageUrl>
<cve>CVE-2025-48976</cve>
</suppress>
<!-- Rule 3: NOTE(review): unlike the two rules above, this one names no CVE. It suppresses the
identifier cpe:/a:clojure:clojure itself for every Clojure version and has no until attribute;
as the DependencyCheck suppression documentation describes CPE rules, that hides every current
and future CVE reported against that CPE. It also covers CVE-2024-22871, so the 2026-01-01 expiry
on rule 1 appears to have no effect while this rule exists. If only the CVE linked inside this rule
is meant, a <cve> element with an until date is the narrower form; confirm the intent with the
maintainers. -->
<suppress>
<!-- https://nvd.nist.gov/vuln/detail/CVE-2024-22871 -->
<notes><![CDATA[
file name: clojure-1.12.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.clojure/clojure@.*$</packageUrl>
<cpe>cpe:/a:clojure:clojure</cpe>
</suppress>
</suppressions>