diff options
| author | Albin <albin@mullvad.net> | 2022-12-08 15:53:59 +0100 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2022-12-08 15:53:59 +0100 |
| commit | 81c3e7fc12f29ceefb394f11d1486c83e847bcc7 (patch) | |
| tree | c63536b3d957f5b778a5d70191fc1dfbdd48aaf7 /android/config | |
| parent | 541bbf7c36e6c83ca7e88cc7ff859c8cefbde6c0 (diff) | |
| parent | 8c6954d4c8d0638fe2b408c9147e56522cb79aa8 (diff) | |
| download | mullvadvpn-81c3e7fc12f29ceefb394f11d1486c83e847bcc7.tar.xz mullvadvpn-81c3e7fc12f29ceefb394f11d1486c83e847bcc7.zip | |
Merge branch 'bump-android-project-to-java-11'
Diffstat (limited to 'android/config')
| -rw-r--r-- | android/config/dependency-check-suppression.xml | 63 |
1 files changed, 56 insertions, 7 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml index 3aad669277..109347ab5a 100644 --- a/android/config/dependency-check-suppression.xml +++ b/android/config/dependency-check-suppression.xml @@ -2,23 +2,32 @@ <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> <suppress> <notes><![CDATA[ - This CVE only affect Multiplatform Gradle Projects, which this project is not. + This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic + checks and tracking externally. + + File name: protobuf-lite-3.0.1.jar ]]></notes> - <cve>CVE-2022-24329</cve> + <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl> + <cve>CVE-2021-22569</cve> </suppress> <suppress> <notes><![CDATA[ - This CVE is a false positive as javalite isn't affected according to: - https://cloud.google.com/support/bulletins#gcp-2022-001 + This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic + checks and tracking externally. + + File name: protobuf-lite-3.0.1.jar ]]></notes> <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl> - <cve>CVE-2021-22569</cve> + <cve>CVE-2022-3171</cve> </suppress> <suppress> <notes><![CDATA[ - This CVE is tracked externally and is therefore suppressed in the automatic audit checks. + This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic + checks and tracking externally. + + File name: protobuf-lite-3.0.1.jar ]]></notes> - <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl> + <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl> <cve>CVE-2022-3171</cve> </suppress> <suppress> @@ -36,4 +45,44 @@ <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl> <cve>CVE-2021-37533</cve> </suppress> + <suppress> + <notes><![CDATA[ + This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic + checks and tracking externally. + + File name: guava-28.2-android.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> + <cve>CVE-2020-8908</cve> + </suppress> + <suppress> + <notes><![CDATA[ + This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic + checks and tracking externally. + + File name: guava-28.2-android.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> + <cve>CVE-2020-8908</cve> + </suppress> + <suppress> + <notes><![CDATA[ + This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic + checks and tracking externally. + + File name: jsoup-1.12.2.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl> + <cve>CVE-2021-37714</cve> + </suppress> + <suppress> + <notes><![CDATA[ + This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic + checks and tracking externally. + + File name: jsoup-1.12.2.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl> + <cve>CVE-2022-36033</cve> + </suppress> </suppressions> |
