suppression.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
    <suppress>
        <notes><![CDATA[
      file name: re-frame-0.10.5.jar
      ]]></notes>
        <gav regex="true">^re-frame:re-frame:.*$</gav>
        <cpe>cpe:/a:git_project:git</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: re-frame-0.10.5.jar
   ]]></notes>
        <gav regex="true">^re-frame:re-frame:.*$</gav>
        <cpe>cpe:/a:git:git</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: closure-compiler-unshaded-v20180204.jar
   ]]></notes>
        <gav regex="true">^com\.google\.javascript:closure-compiler-unshaded:.*$</gav>
        <cpe>cpe:/a:google:google_apps</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: closure-compiler-unshaded-v20180610.jar
   ]]></notes>
        <gav regex="true">^com\.google\.javascript:closure-compiler-unshaded:.*$</gav>
        <cpe>cpe:/a:google:gmail</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
        Suppress CVE in google-closure-library that we shouldn't be vulnerable to and that is a transitive dependency of closurescript that hasn't updated this yet. Recheck in a few months if things have improved upstream.
        ]]></notes>
        <cve>CVE-2020-8910</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        This CVE is related to the C# version of MessagePack, we are not affected by it.
        ]]></notes>
        <cve>CVE-2020-5234</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
        This CVE is related to Apache HTTP Components which are a transitive dependency to make cljs-ajax work on clj as well - we aren't using it this way so aren't affected.
        ]]></notes>
        <cve>CVE-2020-13956</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
This is a low-severity issue relating to permissions of temp-files created by Guava. Guava is only used by the clojurescript build so this shouldn't have any effect on lambdacd users
]]></notes>
        <cve>CVE-2020-8908</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
This is an issue in rust-cache, a false positive.
]]></notes>
        <cve>CVE-2020-36448</cve>
    </suppress>
</suppressions>