From 088c4dbd4b9590d419d460a594f2081b812888b7 Mon Sep 17 00:00:00 2001
From: Marty Pradere <martyp@labkey.com>
Date: Wed, 20 Aug 2025 16:57:09 -0700
Subject: [PATCH 1/3] suppress protobuf

---
 dependencyCheckSuppression.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index 423ec9f23d..b075c2d09b 100644
--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -248,4 +248,13 @@
        <packageUrl regex="true">^pkg:maven/com\.google\.code\.gson/gson@.*$</packageUrl>
        <vulnerabilityName>CVE-2025-53864</vulnerabilityName>
     </suppress>
+
+    <suppress>
+        <notes><![CDATA[
+       file name: protobuf-java-util-3.23.2.jar
+       ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-java-util@.*$</packageUrl>
+        <cpe>cpe:/a:google:protobuf</cpe>
+    </suppress>
+
 </suppressions>

From 2ee68498db9ca044bf116009a2cf1d4872688f62 Mon Sep 17 00:00:00 2001
From: Marty Pradere <martyp@labkey.com>
Date: Thu, 21 Aug 2025 05:52:35 -0700
Subject: [PATCH 2/3] comment

---
 dependencyCheckSuppression.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index b075c2d09b..4d9101bb1e 100644
--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -249,6 +249,7 @@
        <vulnerabilityName>CVE-2025-53864</vulnerabilityName>
     </suppress>
 
+    <!-- Old version of protobuf brought in as a transitive dependency in Sequence Analysis module. Currently no way to force upgrade.   -->
     <suppress>
         <notes><![CDATA[
        file name: protobuf-java-util-3.23.2.jar

From 3720432319d6c69b928687eaa0bb53ea9c78dd63 Mon Sep 17 00:00:00 2001
From: Marty Pradere <martyp@labkey.com>
Date: Thu, 21 Aug 2025 05:55:09 -0700
Subject: [PATCH 3/3] cve number

---
 dependencyCheckSuppression.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index 4d9101bb1e..34b3647cdc 100644
--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -252,10 +252,10 @@
     <!-- Old version of protobuf brought in as a transitive dependency in Sequence Analysis module. Currently no way to force upgrade.   -->
     <suppress>
         <notes><![CDATA[
-       file name: protobuf-java-util-3.23.2.jar
-       ]]></notes>
+        file name: protobuf-java-util-3.23.2.jar
+        ]]></notes>
         <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-java-util@.*$</packageUrl>
-        <cpe>cpe:/a:google:protobuf</cpe>
+        <cve>CVE-2024-7254</cve>
     </suppress>
 
 </suppressions>