.snyk

# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
  SNYK-JAVA-COMH2DATABASE-31685:
    - '*':
        reason: >-
          H2 have not fixed because only affects insecure environments. See
          CVE-2018-10054 for more details.
          H2 is only enabled in local and test environment
        expires: 2025-02-17T17:40:56.565Z
        created: 2024-12-18T17:40:56.567Z
  SNYK-JAVA-ORGAPACHETOMCATEMBED-8523186:
    - '*':
        reason: >-
          Spring has yet to upgrade their versions with the new tomcat, as this
          is a very recent cre. Check again when this ignore times out next
          month
        expires: 2025-01-18T13:36:23.710Z
        created: 2024-12-19T13:36:23.725Z
patch: {}