dependency-check-suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

	<suppress>
		<notes>
				Declared as False positive on library com.nimbusds:lang-tag #3594
				https://github.com/jeremylong/DependencyCheck/issues/3594
				CVE-2020-23171 Reference https://tools.hmcts.net/jira/browse/CCD-1868
		</notes>
		<packageUrl regex="true">^pkg:maven/com\.nimbusds/lang\-tag@.*$</packageUrl>
		<cpe>cpe:/a:nim-lang:nim-lang</cpe>
		<cve>CVE-2020-23171</cve>
	</suppress>

	<suppress until="2022-01-25">
		<notes>We do not use: Spring Framework 5.0.5.RELEASE + Spring Security
			(any version), see https://pivotal.io/security/cve-2018-1258
			False
			positive confirmed.
			Last control version: 5.5.1
		</notes>
		<cve>CVE-2018-1258</cve>
	</suppress>

	<suppress until="2022-01-25">
		<notes>These CVE's are coming from Dhowden tag library and it impacts
			only MP3/MP4/OGG/FLAC metadata parsing
			library. Also it is declared as
			false positive in
			https://github.com/jeremylong/DependencyCheck/issues/3043
			Last control version:  1.5
		</notes>
		<cve>CVE-2020-29242</cve>
		<cve>CVE-2020-29243</cve>
		<cve>CVE-2020-29244</cve>
		<cve>CVE-2020-29245</cve>
	</suppress>

	<suppress until="2022-01-25">
		<notes>Declared as False Positive on com.nimbusds:oauth2-oidc-sdk
			#2866
			https://github.com/jeremylong/DependencyCheck/issues/2866
			Last control version: 9.10.1
		</notes>
		<cve>CVE-2007-1651</cve>
		<cve>CVE-2007-1652</cve>
	</suppress>

</suppressions>