authorAlbin <albin@mullvad.net>2025-02-04 08:30:14 +0100
committerAlbin <albin@mullvad.net>2025-02-04 08:30:14 +0100
commitdfa97420077bc15807cc460ad6b97053caa5fde0 (patch)
tree82e7cf53afd8453e3dad0077e4fd2cf6fc76d4ee /android/config
parent8d8320b302a08613a2197ff81ef6e59f8c10301c (diff)
Remove OWASP dependency check plugin
The OWASP DependencyCheck plugin has been replaced with `osv-scanner`, which covers our use case.
Diffstat (limited to 'android/config')
-rw-r--r--android/config/dependency-check-suppression-agp-fixes.xml41
-rw-r--r--android/config/dependency-check-suppression.xml59
2 files changed, 0 insertions, 100 deletions
diff --git a/android/config/dependency-check-suppression-agp-fixes.xml b/android/config/dependency-check-suppression-agp-fixes.xml
deleted file mode 100644
index 16b4bba810..0000000000
--- a/android/config/dependency-check-suppression-agp-fixes.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- This and all other supressions in this file are for dependencies only used for tests.
- These should be excluded by the plugin but this behaviour is broken.
- Added here until we can fix the plugin behaviour.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/io\.netty/.*@.*$</packageUrl>
- <cve>CVE-2022-41881</cve>
- <cve>CVE-2023-44487</cve>
- <cve>CVE-2023-34462</cve>
- <cve>CVE-2022-24823</cve>
- <cve>CVE-2024-29025</cve>
- <cve>CVE-2022-41915</cve>
- <cve>CVE-2024-47535</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- This and all other supressions in this file are for dependencies only used for tests.
- These should be excluded by the plugin but this behaviour is broken.
- Added here until we can fix the plugin behaviour.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/.*@.*$</packageUrl>
- <cve>CVE-2024-7254</cve>
- <cve>CVE-2022-3171</cve>
- <cve>CVE-2022-3510</cve>
- <cve>CVE-2021-22569</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- This and all other supressions in this file are for dependencies only used for tests.
- These should be excluded by the plugin but this behaviour is broken.
- Added here until we can fix the plugin behaviour.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com.google.guava/guava@.*$</packageUrl>
- <cve>CVE-2023-2976</cve>
- <cve>CVE-2020-8908</cve>
- </suppress>
-</suppressions>
-
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
deleted file mode 100644
index 6fa39f3249..0000000000
--- a/android/config/dependency-check-suppression.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
- <suppress until="2025-05-01Z">
- <notes><![CDATA[
- This CVE only affect Multiplatform Gradle Projects, which this project is not.
- https://nvd.nist.gov/vuln/detail/CVE-2022-24329
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib.*@.*$</packageUrl>
- <cve>CVE-2022-24329</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- This CVE only affect programs using loadXML and is derived from using ksp.
- We do not use the loadXML, ksp is used to generate navigation paths in our code
- and not for processesing any user input.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.devtools\.ksp/symbol\-processing.*@.*$</packageUrl>
- <cve>CVE-2018-1000840</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- False-positive only affecting javascript gRPC packages.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/io\.grpc/protoc\-gen\-grpc\-kotlin@.*$</packageUrl>
- <cve>CVE-2020-7768</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- No impact on this app since it uses UDS rather than HTTP2.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/io\.grpc/.*@.*$</packageUrl>
- <cve>CVE-2023-32732</cve>
- <cve>CVE-2023-33953</cve>
- <cve>CVE-2023-44487</cve>
- </suppress>
- <suppress until="2024-12-26Z">
- <notes><![CDATA[
- False-positive related to a NodeJS library and not the one we use.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/commons\-validator/commons\-validator@.*$</packageUrl>
- <cve>CVE-2021-3765</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- Denial of service using protobuf.
- Should not be applicable since client and server are always in sync and we are only
- communicating locally over UDS.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl>
- <cve>CVE-2024-7254</cve>
- </suppress>
- <suppress until="2025-04-04Z">
- <notes><![CDATA[
- No impact since the app doesn't process externally crafted XML.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/commons-io/commons-io@.*$</packageUrl>
- <cve>CVE-2024-47554</cve>
- </suppress>
-</suppressions>