Supress unlikely med. vuln. in compress

goneall · goneall · commit e9ae99e656dc · 2024-09-05T15:38:24.000-07:00
Signed-off-by: Gary O'Neall &lt;gary@sourceauditor.com&gt;
diff --git a/dependency-check-supress.xml b/dependency-check-supress.xml
@@ -64,4 +64,12 @@
    <packageUrl regex="true">^pkg:maven/com\.github\.jsonld\-java/jsonld\-java@.*$</packageUrl>
    <cve>CVE-2023-5072</cve>
 </suppress>
+<suppress>
+   <notes><![CDATA[
+   file name: commons-compress-1.24.0.jar
+   Since this utility is only called by Jena - it is unlikely to be impacted
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/org\.apache\.commons/commons\-compress@.*$</packageUrl>
+   <cve>CVE-2024-25710</cve>
+</suppress>
 </suppressions>
