dependency upgrades and suppress irrelevant security vulnerability in jackson-databind

2022-10-05 06:31:53 +02:00
parent a93143ff00
commit 398f15d5de
3 changed files with 15 additions and 7 deletions
--- a/etc/owasp-dependency-check-suppression.xml
+++ b/etc/owasp-dependency-check-suppression.xml
@ -7,4 +7,11 @@
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>
        <cve>CVE-2016-1000027</cve>
    </suppress>
+    <suppress>
+        <notes><![CDATA[
+           We don't use the UNWRAP_SINGLE_VALUE_ARRAYS feature and thus are not affected.
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+        <cve>CVE-2022-42003</cve>
+    </suppress>
 </suppressions>