added the base=true flag to all base suppressions

Former-commit-id: ac77f3fc4ff80c182b7736554a1960e186e67d69
2026-01-14 15:53:36 +01:00 · 2014-09-13 05:40:37 -04:00
parent 257f78879d
commit c76275275f
1 changed files with 4 additions and 4 deletions
--- a/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
+++ b/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
-    <suppress>
+    <suppress base="true">
        <notes><![CDATA[
        This suppresses false positives identified on spring security.
        ]]></notes>
@@ -9,7 +9,7 @@
        <cpe>cpe:/a:springsource:spring_framework</cpe>
        <cpe>cpe:/a:vmware:springsource_spring_framework</cpe>
    </suppress>
-    <suppress>
+    <suppress base="true">
        <notes><![CDATA[
        This suppreses additional false positives for the xstream library that occur because spring has a copy of this library.
            com.springsource.com.thoughtworks.xstream-1.3.1.jar
@@ -17,14 +17,14 @@
        <gav regex="true">com\.thoughtworks\.xstream:xstream:.*</gav>
        <cpe>cpe:/a:springsource:spring_framework</cpe>
    </suppress>
-    <suppress>
+    <suppress base="true">
        <notes><![CDATA[
        Suppresses false positives on velocity tools.
        ]]></notes>
        <gav regex="true">org.apache.velocity:velocity-tools:.*</gav>
        <cpe>cpe:/a:apache:struts</cpe>
    </suppress>
-    <suppress>
+    <suppress base="true">
        <notes><![CDATA[
        Sandbox is a php blog platform and should not be flagged as a CPE for java or .net dependencies.
        ]]></notes>