From ef1d17642e4586cd11abe9e56bd5293a3a3a8341 Mon Sep 17 00:00:00 2001
From: Benjamin Otto <benjamin.otto@style-systems.de>
Date: Wed, 30 Aug 2023 09:23:30 +0200
Subject: [PATCH] add suppression for jackson dependency

---
 suppressions.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/suppressions.xml b/suppressions.xml
index 695070c0..dd55ab6f 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -10,4 +10,8 @@
         <notes>We're not using XML here, and also there is no updated jackson-core yet, so that we cannot avoid the transitive dependency.</notes>
         <cve>CVE-2022-45688</cve>
     </suppress>
+    <suppress>
+        <notes>CVE is being considered by the community a false positive. See https://github.com/FasterXML/jackson-databind/issues/3972.</notes>
+        <cve>CVE-2023-35116</cve>
+    </suppress>
 </suppressions>