Restore osv scanner vuln ignore that is still required

author: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2025-02-04 08:52:05 +0100
committer: Jonatan Rhodin <jonatan.rhodin@mullvad.net> 2025-02-04 09:49:23 +0100
commit: 4ff3aabb78f1f02798ba04cbeef7d9cf83b3e05e (patch)
tree: 6880b9fbb62bbf7f10c70b6520a3224d36ff9001 /android
parent: 0c58224a0986aa01550e75dcb091e45f4c511139 (diff)
download: mullvadvpn-4ff3aabb78f1f02798ba04cbeef7d9cf83b3e05e.tar.xz
mullvadvpn-4ff3aabb78f1f02798ba04cbeef7d9cf83b3e05e.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index d2b14a1f58..b4725bdaf7 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -66,3 +66,12 @@ reason = "No impact since the app doesn't process externally crafted XML."
 id = "CVE-2024-47535" # GHSA-xq3w-v528-46rv
 ignoreUntil = 2025-02-13
 reason = "Only impacting Windows."
+
+# Several vulns related to bouncy castle that is only being used by lint.
+# These are not used directly in the app.
+[[PackageOverrides]]
+name = "org.bouncycastle:bcprov-jdk18on"
+ecosystem = "Maven"
+ignore = true
+effectiveUntil = 2025-05-02
+reason = "Used by lint and not the app directly."
author	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2025-02-04 08:52:05 +0100
committer	Jonatan Rhodin <jonatan.rhodin@mullvad.net>	2025-02-04 09:49:23 +0100
commit	4ff3aabb78f1f02798ba04cbeef7d9cf83b3e05e (patch)
tree	6880b9fbb62bbf7f10c70b6520a3224d36ff9001 /android
parent	0c58224a0986aa01550e75dcb091e45f4c511139 (diff)
download	mullvadvpn-4ff3aabb78f1f02798ba04cbeef7d9cf83b3e05e.tar.xz mullvadvpn-4ff3aabb78f1f02798ba04cbeef7d9cf83b3e05e.zip