Hans Aikema

Results 265 comments of Hans Aikema

Then all that's left would be network tracing the requests to the proxy. It should (based on the config) contain the proxy-authentication, but the response of the proxy that you quote...

@jeremylong @jlstephens89 I think this one can now be considered resolved with the updates/fixes made in the OSSINDEX? Or are there still pending issues related to this ticket?

The result comes from OSSINDEX, so either OSSINDEX is listing it wrongly for version 7.0.0, or their research team has judged that 7.0.0 is only partially fixing the issue. I...

> I didn't want to suppress those in case there was ever an update and it turned out there is a new vuln involving them.

You would not risk this...

@renegrob you can already do things like that with the CPE suppressions (using the CPE 2.2 format). Most suppressions are CPE suppressions. (though nowadays you would typically use packageUrl...

@brampat please do not hijack this ticket for continuing discussions unrelated to the raised FP.

bc-fips vulnerability is properly detected (Maven plugin 7.1.0). Not sure how to properly validate the PyYAML CVEs, maybe you can retest?

Would need enhancement in DependencyCheck to take `target_sw` CPE attribute into account

Without a packageUrl for this library we cannot fix it and suppression would be up to you; I cannot find where this library originates from.