suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress until="2025-03-25Z">
        <notes><![CDATA[
   file name: quarkus-update-recipes-1.0.19.jar
       sev: HIGH
         reason: False positive. Reference only
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/io\.quarkus/quarkus-update-recipes@.*$</packageUrl>
        <cpe>cpe:/a:quarkus:quarkus</cpe>
    </suppress>
    <suppress until="2025-03-25Z">
        <notes><![CDATA[
   file name: testng-7.5.jar
       sev: HIGH
         reason: False positive. Reference only
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.testng/testng@.*$</packageUrl>
        <vulnerabilityName>CVE-2022-4065</vulnerabilityName>
    </suppress>
    <suppress until="2025-03-25Z">
        <notes><![CDATA[
            file name: camel-upgrade-recipes-0.1.jar
            sev: CRITICAL
            reason: False positive. Reference only
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.apache\.camel/camel-upgrade-recipes@.*$</packageUrl>
        <cve>CVE-2015-5344</cve>
        <cve>CVE-2017-3159</cve>
        <cve>CVE-2014-0003</cve>
        <cve>CVE-2014-0002</cve>
        <cve>CVE-2019-0188</cve>
        <cve>CVE-2017-5643</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: spring-webflux-5.3.32.jar
   reason: Should not affect us; need further investigation if we can move to newer version
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring-webflux@.*$</packageUrl>
        <vulnerabilityName>CVE-2024-38816</vulnerabilityName>
    </suppress>
</suppressions>