Merge branch 'restore-removed-osv-scanner-ignore'

author: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2025-02-04 09:50:53 +0100
committer: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2025-02-04 09:50:53 +0100
commit: e6516783d14e59423de02846cde2d8b1c7dd46ad (patch)
tree: 6880b9fbb62bbf7f10c70b6520a3224d36ff9001
parent: 0c58224a0986aa01550e75dcb091e45f4c511139 (diff)
parent: 4ff3aabb78f1f02798ba04cbeef7d9cf83b3e05e (diff)
download: mullvadvpn-e6516783d14e59423de02846cde2d8b1c7dd46ad.tar.xz
mullvadvpn-e6516783d14e59423de02846cde2d8b1c7dd46ad.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index d2b14a1f58..b4725bdaf7 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -66,3 +66,12 @@ reason = "No impact since the app doesn't process externally crafted XML."
 id = "CVE-2024-47535" # GHSA-xq3w-v528-46rv
 ignoreUntil = 2025-02-13
 reason = "Only impacting Windows."
+
+# Several vulns related to bouncy castle that is only being used by lint.
+# These are not used directly in the app.
+[[PackageOverrides]]
+name = "org.bouncycastle:bcprov-jdk18on"
+ecosystem = "Maven"
+ignore = true
+effectiveUntil = 2025-05-02
+reason = "Used by lint and not the app directly."
author	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2025-02-04 09:50:53 +0100
committer	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2025-02-04 09:50:53 +0100
commit	e6516783d14e59423de02846cde2d8b1c7dd46ad (patch)
tree	6880b9fbb62bbf7f10c70b6520a3224d36ff9001
parent	0c58224a0986aa01550e75dcb091e45f4c511139 (diff)
parent	4ff3aabb78f1f02798ba04cbeef7d9cf83b3e05e (diff)
download	mullvadvpn-e6516783d14e59423de02846cde2d8b1c7dd46ad.tar.xz mullvadvpn-e6516783d14e59423de02846cde2d8b1c7dd46ad.zip