authorJonatan Rhodin <jonatan.rhodin@mullvad.net>2025-05-30 10:43:06 +0200
committerJonatan Rhodin <jonatan.rhodin@mullvad.net>2025-05-30 10:43:06 +0200
commit42b53b4bcd3d3155d42ebca7e33c9450ca5dab73 (patch)
tree33cd5e167696ab5107367256f4c40f6304335580
parentcba7ba90d28654d06df05157af550063070d24cd (diff)
parent147939bfe980a67d2e40cf48ba1ab68fa205ff53 (diff)
downloadmullvadvpn-42b53b4bcd3d3155d42ebca7e33c9450ca5dab73.tar.xz
mullvadvpn-42b53b4bcd3d3155d42ebca7e33c9450ca5dab73.zip
Merge branch 'fix-vuln-GHSA-wxr5-93ph-8wr9'
-rw-r--r--android/app/build.gradle.kts11
-rw-r--r--android/gradle/verification-metadata.xml5
2 files changed, 10 insertions, 6 deletions
diff --git a/android/app/build.gradle.kts b/android/app/build.gradle.kts
index a628476cb6..0655a3b8e0 100644
--- a/android/app/build.gradle.kts
+++ b/android/app/build.gradle.kts
@@ -356,7 +356,16 @@ dependencies {
// Play implementation
playImplementation(projects.lib.billing)
- implementation(libs.commons.validator)
+ // This dependency can be replaced when minimum SDK is 29 or higher.
+ // It can then be replaced with InetAddress.isNumericAddress
+ implementation(libs.commons.validator) {
+ // This dependency has a known vulnerability
+ // https://osv.dev/vulnerability/GHSA-wxr5-93ph-8wr9
+ // It is not used so let's exclude it.
+ // Unfortunately, this is not possible to do using libs.version.toml
+ // https://github.com/gradle/gradle/issues/26367#issuecomment-2120830998
+ exclude("commons-beanutils", "commons-beanutils")
+ }
implementation(libs.androidx.activity.compose)
implementation(libs.androidx.datastore)
implementation(libs.androidx.coresplashscreen)
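Review bot: The comment on the `exclude` says "It is not used" without recording what that rests on: as far as I know commons-validator needs commons-beanutils for parts of its API, so the exclusion is only safe while the app calls classes that never load it (judging by the comment above, presumably just the IP-address validation). I would state that in the comment, e.g. `// Safe only while we use nothing but the address validation routines; other commons-validator classes may fail at runtime with NoClassDefFoundError.` The exclusion is also scoped to this one declaration, so another dependency could bring the module back transitively; the removal of its entry from verification-metadata.xml in this commit should make such a build fail, assuming dependency verification is enforced. As a style point, `exclude(group = "commons-beanutils", module = "commons-beanutils")` reads more clearly than two identical positional strings. The `dependencies` block starts and ends outside the hunk.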
diff --git a/android/gradle/verification-metadata.xml b/android/gradle/verification-metadata.xml
index c4db093314..6222e2f212 100644
--- a/android/gradle/verification-metadata.xml
+++ b/android/gradle/verification-metadata.xml
@@ -3713,11 +3713,6 @@
<sha256 value="056f3a1e144409f21ed16afc26805f58e9a21f3fce1543c42d400719d250c511" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="commons-beanutils" name="commons-beanutils" version="1.9.4">
- <artifact name="commons-beanutils-1.9.4.jar">
- <sha256 value="7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="commons-codec" name="commons-codec" version="1.10">
<artifact name="commons-codec-1.10.jar">
<sha256 value="4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569" origin="Generated by Gradle"/>