| <?xml version="1.0" encoding="UTF-8"?> |
| <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> |
| <suppress until="2020-12-01Z"> |
| <notes><![CDATA[ |
| Suppress kotlin vulernability. Only affects build tools, not shipped in chrome. Packages that depend on this have yet to be updated. |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$</packageUrl> |
| <cve>CVE-2020-15824</cve> |
| </suppress> |
| <suppress until="2020-12-01Z"> |
| <notes><![CDATA[ |
| Suppress kotlin vulernability. Only affects build tools, not shipped in chrome. Packages that depend on this have yet to be updated. |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$</packageUrl> |
| <cve>CVE-2020-15824</cve> |
| </suppress> |
| <suppress until="2021-12-01Z"> |
| <notes><![CDATA[ |
| https://nvd.nist.gov/vuln/detail/CVE-2020-8908 should not apply to all guava libraries. |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/com\.google\.guava/failureaccess@.*$</packageUrl> |
| <cpe>cpe:/a:google:guava</cpe> |
| |
| </suppress> |
| <suppress until="2021-12-01Z"> |
| <notes><![CDATA[ |
| https://nvd.nist.gov/vuln/detail/CVE-2020-8908 should not apply to all guava libraries. |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/com\.google\.guava/listenablefuture@1.0$</packageUrl> |
| <cpe>cpe:/a:google:guava</cpe> |
| |
| </suppress> |
| </suppressions> |