authorAlbin <albin@mullvad.net>2022-10-07 09:19:30 +0200
committerAlbin <albin@mullvad.net>2022-10-07 10:16:01 +0200
commit193da8061cf5294347ce1af0f346d0bc344cc1e0 (patch)
tree2dc196dc7a6dd286a3511f04dbc4262c04fcfc8b /android
parente4b28fe806a2fe2e1418813e9c5f8c935e46cd83 (diff)
Suppress CVE-2022-3171 from automatic audit checks
This suppression only affects the Android app. The CVE will instead be tracked externally and will likely be mitigated by either updating affected dependencies or by identifying that it doesn't affect the app.
Diffstat (limited to 'android')
-rw-r--r--android/config/dependency-check-suppression.xml7
-rw-r--r--android/e2e/e2e-suppression.xml7
2 files changed, 14 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index 2efc7cff12..c90c64c949 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -14,4 +14,11 @@
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
<cve>CVE-2021-22569</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ This CVE is tracked externally and is therefore suppressed in the automatic audit checks.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
+ <cve>CVE-2022-3171</cve>
+ </suppress>
</suppressions>
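Review bot: The added `<suppress>` entry for CVE-2022-3171 has no expiry, and its `packageUrl` regex ends in `@.*$`, so the finding stays silenced for every protobuf-javalite version indefinitely, even if the external tracking lapses. Giving the entry an expiry, `<suppress until="YYYY-MM-DDZ">` (placeholder date), would make the audit fail again and force a re-evaluation once the dependency is updated or the impact analysis is done. The `<notes>` text says only that the CVE is tracked externally; naming the tracking reference there would let a later reader verify the suppression is still justified. The same applies to the identical entry added in android/e2e/e2e-suppression.xml; the enclosing `<suppressions>` root starts outside both hunks.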
diff --git a/android/e2e/e2e-suppression.xml b/android/e2e/e2e-suppression.xml
index 42ee64cfcb..86e10bebb2 100644
--- a/android/e2e/e2e-suppression.xml
+++ b/android/e2e/e2e-suppression.xml
@@ -21,4 +21,11 @@
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
<cve>CVE-2021-22569</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ This CVE is tracked externally and is therefore suppressed in the automatic audit checks.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
+ <cve>CVE-2022-3171</cve>
+ </suppress>
</suppressions>