You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2023/01/11 10:58:42 UTC
[myfaces-build-tools] branch main updated: deps: more problems with snakeyml
This is an automated email from the ASF dual-hosted git repository.
lofwyr pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/myfaces-build-tools.git
The following commit(s) were added to refs/heads/main by this push:
new 87d4070f deps: more problems with snakeyml
87d4070f is described below
commit 87d4070fc63757cadb36928ab37f9ccdc2156b5d
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Wed Jan 11 11:58:34 2023 +0100
deps: more problems with snakeyml
---
.../tobago/dependency-check-suppression-for-tobago-5.x.xml | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
index 8a69ab6c..d63da859 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-5.x.xml
@@ -11,6 +11,16 @@
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
<vulnerabilityName>CVE-2022-1471</vulnerabilityName>
</suppress>
+ <suppress>
+ <notes><![CDATA[ file name: snakeyaml-1.33.jar ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+ <vulnerabilityName>CVE-2021-4235</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[ file name: snakeyaml-1.33.jar ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+ <vulnerabilityName>CVE-2022-3064</vulnerabilityName>
+ </suppress>
<suppress>
<notes><![CDATA[ file name: commons-*.jar ]]></notes>
<packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>