deps: ignore the bootstrap carousel issue

apache · Aug 26, 2024 · 205bf40 · 205bf40
1 parent ab06a50
commit 205bf40
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/...heckstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml b/...heckstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml
@@ -63,4 +63,12 @@
     <packageUrl regex="true">^pkg:maven/.*/.*@.*$</packageUrl>
     <cve>CVE-2021-37533</cve>
   </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: bootstrap*.js
+There is an issue with the carousel component. Tobago doesn't use the component, but if the application
+uses the carousel component, they might be affected. We recommend to upgrade to Tobago 5 or higher.
+]]></notes>
+    <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl>
+    <vulnerabilityName>CVE-2024-6531</vulnerabilityName>
+  </suppress>
 </suppressions>