initial commit

root
2025-10-11 17:03:02 +02:00
commit 08dbb6210e
51 changed files with 3420 additions and 0 deletions

@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
This can be suppressed because it is a transient dependency of the `pre-commit-hooks` dependency, which only uses ruamel-yaml if the YAML-specific hooks are actually run.
Additionally, the vulnerability CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.) only applies when parsing untrusted (user-supplied) YAML, which isn't the case here.
The gist: Never trust a user-submitted YAML file! This could DoS your app!
]]></notes>
<packageUrl regex="true">^pkg:pypi/ruamel-yaml-clib@.*$</packageUrl>
<cve>CVE-2022-3064</cve>
</suppress>
<suppress>
<notes><![CDATA[
This can be suppressed because it is a transient dependency of the `pre-commit-hooks` dependency, which only uses ruamel-yaml if the YAML-specific hooks are actually run.
Additionally, the vulnerability CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.) only applies when parsing untrusted (user-supplied) YAML, which isn't the case here.
The gist: Never trust a user-submitted YAML file! This could DoS your app!
]]></notes>
<packageUrl regex="true">^pkg:pypi/ruamel-yaml-clib@.*$</packageUrl>
<cve>CVE-2021-4235</cve>
</suppress>
<suppress>
<notes><![CDATA[
This can be suppressed because it is a transient dependency of the `pre-commit-hooks` dependency, which only uses ruamel-yaml if the YAML-specific hooks are actually run.
Additionally, the vulnerability CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.) only applies when parsing untrusted (user-supplied) YAML, which isn't the case here.
The gist: Never trust a user-submitted YAML file! This could DoS your app!
]]></notes>
<packageUrl regex="true">^pkg:pypi/ruamel-yaml@.*$</packageUrl>
<cve>CVE-2022-3064</cve>
</suppress>
<suppress>
<notes><![CDATA[
This can be suppressed because it is a transient dependency of the `pre-commit-hooks` dependency, which only uses ruamel-yaml if the YAML-specific hooks are actually run.
Additionally, the vulnerability CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.) only applies when parsing untrusted (user-supplied) YAML, which isn't the case here.
The gist: Never trust a user-submitted YAML file! This could DoS your app!
]]></notes>
<packageUrl regex="true">^pkg:pypi/ruamel-yaml@.*$</packageUrl>
<cve>CVE-2021-4235</cve>
</suppress>
</suppressions>
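
Review bot: all four `<packageUrl regex="true">` patterns end in `@.*$` and no `<suppress>` element sets an expiry, so CVE-2022-3064 and CVE-2021-4235 stay suppressed for every present and future version of ruamel-yaml and ruamel-yaml-clib, and nobody is prompted to revisit the decision. Consider adding an `until="YYYY-MM-DD"` attribute to each `<suppress>`, or narrowing the regex to the versions actually resolved, so the finding resurfaces after an upgrade. The justification in the notes also rests on a condition ("only uses ruamel-yaml if the YAML-specific hooks are actually run") rather than on those hooks being disabled, so it would help to state which hooks are enabled and that they only read repository-owned YAML. Two smaller points: the four entries differ only in package and CVE and could be folded into one `<suppress>` with both `<cve>` elements and a pattern such as `^pkg:pypi/ruamel-yaml(-clib)?@.*$`, which removes the copy-pasted notes; and "transient dependency" in the notes should read "transitive dependency".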