From d065b196a6a278836ba52ff55b43c6b1dd5646ed Mon Sep 17 00:00:00 2001
From: sidharth-jain <32795041+sidharth-jain23@users.noreply.github.com>
Date: Fri, 15 May 2026 20:22:35 +0530
Subject: [PATCH] Add suppression for CVE-2026-42154 in global suppressions
Added suppression for CVE-2026-42154 to clarify that it affects the Prometheus server, not the Java client library.
---
dependency-check/global-suppressions.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/dependency-check/global-suppressions.xml b/dependency-check/global-suppressions.xml
index 40f1d19..84e0d52 100644
--- a/dependency-check/global-suppressions.xml
+++ b/dependency-check/global-suppressions.xml
@@ -175,4 +175,15 @@
CVE-2026-5795
+
+
+
+ ^pkg:maven/io\.prometheus/simpleclient.*@.*$
+ CVE-2026-42154
+