Address cve false positives (#761)

address cve false positives

src/owasp/owasp-suppression.xml

@@ -17,26 +17,21 @@
   ~ specific language governing permissions and limitations
   ~ under the License.
   -->
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 
     <!-- invalid artifact detection / swagger uber jars-->
     <suppress>
         <notes><![CDATA[file name: swagger-codegen-2.2.3.jar: gradle-wrapper.jar]]></notes>
-        <sha1>0f6f1fa2b59ae770ca14f975726bed8d6620ed9b</sha1>
         <cve>CVE-2016-6199</cve>
-        <cve>CVE-2020-11979</cve>
-        <cve>CVE-2021-32751</cve>
-    </suppress>
-
-    <!-- build time dependency contains older version of gradle (which this project does NOT use) -->
-    <suppress>
-        <notes><![CDATA[ file name: swagger-codegen-2.2.3.jar: gradle-wrapper.jar ]]></notes>
-        <sha1>0f6f1fa2b59ae770ca14f975726bed8d6620ed9b</sha1>
         <cve>CVE-2019-11065</cve>
+        <cve>CVE-2019-11405</cve>
         <cve>CVE-2019-15052</cve>
         <cve>CVE-2019-16370</cve>
-        <cve>CVE-2021-29429</cve>
+        <cve>CVE-2020-11979</cve>
+        <cve>CVE-2021-21364</cve>
         <cve>CVE-2021-29428</cve>
+        <cve>CVE-2021-29429</cve>
+        <cve>CVE-2021-32751</cve>
         <cve>CVE-2022-25364</cve>
     </suppress>
 
@@ -61,4 +56,13 @@
         <notes><![CDATA[ file name: package.json ]]></notes>
         <cve>CVE-2021-3765</cve>
     </suppress>
+
+    <!-- False positive, see https://github.com/jeremylong/DependencyCheck/issues/4839 -->
+    <suppress base="true">
+        <notes><![CDATA[ FP per issue #4839 ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+        <cve>CVE-2022-38752</cve>
+    </suppress>
+
 </suppressions>
+