allow-list.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
        YAML is not used via jackson-databind, see https://nvd.nist.gov/vuln/detail/CVE-2022-1471
        ]]></notes>
        <gav>org.yaml:snakeyaml:1.33</gav>
        <cve>CVE-2022-1471</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        HTTP is not used, see https://nvd.nist.gov/vuln/detail/CVE-2021-41033
        ]]></notes>
        <gav>org.eclipse.platform:org.eclipse.equinox.common:3.16.100</gav>
        <cve>CVE-2021-41033</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        HTTP is not used, see https://nvd.nist.gov/vuln/detail/CVE-2021-41033
        ]]></notes>
        <cve>CVE-2021-41033</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        XSemantics version used was released in September 2022, so it is not affected by this CVE; false alarm. More info on https://nvd.nist.gov/vuln/detail/CVE-2019-10249
        ]]></notes>
        <gav>org.eclipse.xsemantics:org.eclipse.xsemantics.runtime:1.22.0</gav>
        <cve>CVE-2019-10249</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        This CVE refers to Xtext & Xtend versions prior to 2.18.0, we use Xtext & Xtend version 2.27.0.
        The dependency org.eclipse.emf.ecore.xcore.lib has separate versioning (latest version is 1.7.0); false alarm. More info on https://nvd.nist.gov/vuln/detail/CVE-2019-10249
        ]]></notes>
        <gav>org.eclipse.emf:org.eclipse.emf.ecore.xcore.lib:1.6.0</gav>
        <cve>CVE-2019-10249</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
	   This CVE is not about org.junit.platform.commons. It seems the check is
	   too loose.  See https://nvd.nist.gov/vuln/detail/CVE-2020-27225
	   ]]></notes>
        <cve>CVE-2020-27225</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
	   Suppress false positive CVE-2023-35116 in jackson-databind.
	   See issue https://github.com/FasterXML/jackson-databind/issues/3972
	   See CVE https://nvd.nist.gov/vuln/detail/CVE-2023-35116
	   ]]></notes>
        <cve>CVE-2023-35116</cve>
    </suppress>
</suppressions>