add suppression for jackson dependency

prisma-capacity · Aug 30, 2023 · ef1d176 · ef1d176
1 parent b4b5c84
commit ef1d176
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/suppressions.xml b/suppressions.xml
@@ -10,4 +10,8 @@
         <notes>We're not using XML here, and also there is no updated jackson-core yet, so that we cannot avoid the transitive dependency.</notes>
         <cve>CVE-2022-45688</cve>
     </suppress>
+    <suppress>
+        <notes>CVE is being considered by the community a false positive. See https://github.com/FasterXML/jackson-databind/issues/3972.</notes>
+        <cve>CVE-2023-35116</cve>
+    </suppress>
 </suppressions>