Merge pull request #7289 from corda/ritu_tmp_SNYK_waivers_remaining

NOTICK: Remaining snyk waivers updated for Corda OS 4.10

.snyk

@@ -196,4 +196,33 @@ ignore:
           they are not susceptible.
         expires: 2023-03-28T11:40:29.871Z
         created: 2022-12-29T11:40:29.896Z
+  SNYK-JAVA-ORGYAML-3152153:
+    - '*':
+        reason: >-
+          There is a transitive dependency on snakeyaml from the third party
+          components jackson-dataformat-yaml and liquidbase-core. The
+          jackson-dataformat-yaml component does not use the snakeyaml
+          databinding layer. For liquidbase we use xml in the changelog files
+          not yaml. So given this Corda is not susceptible to this
+          vulnerability.Cordapp authors should exercise their own judgment if
+          using this library directly in their cordapp.
+        expires: 2023-03-03T11:35:04.385Z
+        created: 2023-01-04T11:35:04.414Z
+  SNYK-JAVA-IONETTY-3167773:
+    - '*':
+        reason: >-
+          Corda does not use Netty HTTP (and does not use HTTP in the P2P
+          protocol) . This is a transitive dependency of Netty comms library,
+          but it is not used in Corda, which uses a custom binary protocol
+          secured by mutually authenticated TLS. The vulnerability relating to
+          HTTP Response splitting is not exposed.
+        expires: 2023-03-03T11:40:51.456Z
+        created: 2023-01-04T11:40:51.467Z
+  SNYK-JAVA-COMH2DATABASE-3146851:
+    - '*':
+        reason: >-
+          Corda does not make use of the H2 web admin console, so it not
+          susceptible to this reported vulnerability
+        expires: 2023-03-03T11:45:11.295Z
+        created: 2023-01-04T11:45:11.322Z
 patch: {}