# Snyk (https://snyk.io) policy file, provides ignores for known false positives.
# This file is autogenerated from .build/dependency-check-suppressions.xml
version: v1.25.0
ignore:
  CVE-2022-1471:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17907 -- ^pkg:maven/org\.yaml/snakeyaml@.*$
  CVE-2022-25857:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17907 -- ^pkg:maven/org\.yaml/snakeyaml@.*$
  CVE-2022-38749:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17907 -- ^pkg:maven/org\.yaml/snakeyaml@.*$
  CVE-2022-38750:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17907 -- ^pkg:maven/org\.yaml/snakeyaml@.*$
  CVE-2022-38751:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17907 -- ^pkg:maven/org\.yaml/snakeyaml@.*$
  CVE-2022-38752:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17907 -- ^pkg:maven/org\.yaml/snakeyaml@.*$
  CVE-2022-41854:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17907 -- ^pkg:maven/org\.yaml/snakeyaml@.*$
  CVE-2022-42003:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17966 -- ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$
  CVE-2022-42004:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17966 -- ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$
  CVE-2023-35116:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-17966 -- ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$
  CVE-2023-44487:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-18943 -- ^pkg:maven/io\.netty/netty\-.*@.*$
  CVE-2023-6378:
    - reason: Suppressed due to internal review, see project's .build/dependency-check-suppressions.xml
  CVE-2023-6481:
    - reason: Suppressed due to internal review, see project's .build/dependency-check-suppressions.xml
  CVE-2024-12798:
    - reason: Suppressed due to internal review, see project's .build/dependency-check-suppressions.xml
  CVE-2024-12801:
    - reason: Suppressed due to internal review, see project's .build/dependency-check-suppressions.xml
  CVE-2024-45772:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-20024 -- ^pkg:maven/org\.apache\.lucene/lucene\-.*@9.7.0$
  CVE-2025-25193:
    - reason: https://issues.apache.org/jira/browse/CASSANDRA-20504 -- ^pkg:maven/io\.netty/netty\-.*@.*$
