summaryrefslogtreecommitdiffhomepage
path: root/android
diff options
context:
space:
mode:
Diffstat (limited to 'android')
-rw-r--r--android/app/build.gradle.kts8
-rw-r--r--android/build.gradle.kts11
-rw-r--r--android/config/dependency-check-suppression-agp-fixes.xml41
-rw-r--r--android/config/dependency-check-suppression.xml59
-rw-r--r--android/gradle/libs.versions.toml3
-rw-r--r--android/gradle/osv-scanner.toml7
-rw-r--r--android/gradle/verification-keyring.keys45
-rw-r--r--android/gradle/verification-metadata.xml369
-rw-r--r--android/test/e2e/build.gradle.kts9
-rw-r--r--android/test/mockapi/build.gradle.kts9
-rw-r--r--android/test/test-suppression.xml29
11 files changed, 52 insertions, 538 deletions
diff --git a/android/app/build.gradle.kts b/android/app/build.gradle.kts
index 36625c50e4..60a08c4f5e 100644
--- a/android/app/build.gradle.kts
+++ b/android/app/build.gradle.kts
@@ -322,14 +322,6 @@ androidComponents {
}
}
-configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
- // Skip the lintClassPath configuration, which relies on many dependencies that has been flagged
- // to have CVEs, as it's related to the lint tooling rather than the project's compilation class
- // path. The alternative would be to suppress specific CVEs, however that could potentially
- // result in suppressed CVEs in project compilation class path.
- skipConfigurations = listOf("lintClassPath")
-}
-
// This is a safety net to avoid generating too big version codes, since that could potentially be
// hard and inconvenient to recover from.
tasks.register("ensureValidVersionCode") {
diff --git a/android/build.gradle.kts b/android/build.gradle.kts
index f27c5e41e7..5f98f28d5d 100644
--- a/android/build.gradle.kts
+++ b/android/build.gradle.kts
@@ -6,7 +6,6 @@ plugins {
alias(libs.plugins.android.application) apply false
alias(libs.plugins.android.library) apply false
alias(libs.plugins.android.test) apply false
- alias(libs.plugins.dependency.check) apply false
alias(libs.plugins.ktfmt) apply false
alias(libs.plugins.compose) apply false
alias(libs.plugins.play.publisher) apply false
@@ -100,7 +99,6 @@ tasks.withType<DetektCreateBaselineTask>().configureEach {
}
allprojects {
- apply(plugin = rootProject.libs.plugins.dependency.check.get().pluginId)
apply(plugin = rootProject.libs.plugins.ktfmt.get().pluginId)
repositories {
@@ -108,15 +106,6 @@ allprojects {
mavenCentral()
}
- configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
- failBuildOnCVSS = 0F // All severity levels
- suppressionFiles =
- listOf(
- "${rootProject.projectDir}/config/dependency-check-suppression.xml",
- "${rootProject.projectDir}/config/dependency-check-suppression-agp-fixes.xml",
- )
- }
-
// Should be the same as ktfmt config in buildSrc/build.gradle.kts
configure<com.ncorti.ktfmt.gradle.KtfmtExtension> {
kotlinLangStyle()
diff --git a/android/config/dependency-check-suppression-agp-fixes.xml b/android/config/dependency-check-suppression-agp-fixes.xml
deleted file mode 100644
index 16b4bba810..0000000000
--- a/android/config/dependency-check-suppression-agp-fixes.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- This and all other supressions in this file are for dependencies only used for tests.
- These should be excluded by the plugin but this behaviour is broken.
- Added here until we can fix the plugin behaviour.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/io\.netty/.*@.*$</packageUrl>
- <cve>CVE-2022-41881</cve>
- <cve>CVE-2023-44487</cve>
- <cve>CVE-2023-34462</cve>
- <cve>CVE-2022-24823</cve>
- <cve>CVE-2024-29025</cve>
- <cve>CVE-2022-41915</cve>
- <cve>CVE-2024-47535</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- This and all other supressions in this file are for dependencies only used for tests.
- These should be excluded by the plugin but this behaviour is broken.
- Added here until we can fix the plugin behaviour.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/.*@.*$</packageUrl>
- <cve>CVE-2024-7254</cve>
- <cve>CVE-2022-3171</cve>
- <cve>CVE-2022-3510</cve>
- <cve>CVE-2021-22569</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- This and all other supressions in this file are for dependencies only used for tests.
- These should be excluded by the plugin but this behaviour is broken.
- Added here until we can fix the plugin behaviour.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com.google.guava/guava@.*$</packageUrl>
- <cve>CVE-2023-2976</cve>
- <cve>CVE-2020-8908</cve>
- </suppress>
-</suppressions>
-
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
deleted file mode 100644
index 6fa39f3249..0000000000
--- a/android/config/dependency-check-suppression.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
- <suppress until="2025-05-01Z">
- <notes><![CDATA[
- This CVE only affect Multiplatform Gradle Projects, which this project is not.
- https://nvd.nist.gov/vuln/detail/CVE-2022-24329
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib.*@.*$</packageUrl>
- <cve>CVE-2022-24329</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- This CVE only affect programs using loadXML and is derived from using ksp.
- We do not use the loadXML, ksp is used to generate navigation paths in our code
- and not for processesing any user input.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.devtools\.ksp/symbol\-processing.*@.*$</packageUrl>
- <cve>CVE-2018-1000840</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- False-positive only affecting javascript gRPC packages.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/io\.grpc/protoc\-gen\-grpc\-kotlin@.*$</packageUrl>
- <cve>CVE-2020-7768</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- No impact on this app since it uses UDS rather than HTTP2.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/io\.grpc/.*@.*$</packageUrl>
- <cve>CVE-2023-32732</cve>
- <cve>CVE-2023-33953</cve>
- <cve>CVE-2023-44487</cve>
- </suppress>
- <suppress until="2024-12-26Z">
- <notes><![CDATA[
- False-positive related to a NodeJS library and not the one we use.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/commons\-validator/commons\-validator@.*$</packageUrl>
- <cve>CVE-2021-3765</cve>
- </suppress>
- <suppress until="2025-03-01Z">
- <notes><![CDATA[
- Denial of service using protobuf.
- Should not be applicable since client and server are always in sync and we are only
- communicating locally over UDS.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl>
- <cve>CVE-2024-7254</cve>
- </suppress>
- <suppress until="2025-04-04Z">
- <notes><![CDATA[
- No impact since the app doesn't process externally crafted XML.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/commons-io/commons-io@.*$</packageUrl>
- <cve>CVE-2024-47554</cve>
- </suppress>
-</suppressions>
diff --git a/android/gradle/libs.versions.toml b/android/gradle/libs.versions.toml
index 35e3d2526c..e1c8d5a92a 100644
--- a/android/gradle/libs.versions.toml
+++ b/android/gradle/libs.versions.toml
@@ -61,7 +61,6 @@ rust-android-gradle = "0.9.6"
# Misc
commonsvalidator = "1.9.0"
# Upgrading to 12.0.1 results in task failing, DROID-1517
-dependency-check = "10.0.4"
dependency-versions = "0.52.0"
detekt = "1.23.7"
jodatime = "2.13.0"
@@ -195,8 +194,6 @@ grpc-protoc-gen-grpc-kotlin = { id = "io.grpc:protoc-gen-grpc-kotlin", version.r
# Rust Android Gradle
rust-android-gradle = { id = "org.mozilla.rust-android-gradle.rust-android", version.ref = "rust-android-gradle" }
-# Misc
-dependency-check = { id = "org.owasp.dependencycheck", version.ref = "dependency-check" }
dependency-versions = { id = "com.github.ben-manes.versions", version.ref = "dependency-versions" }
detekt = { id = "io.gitlab.arturbosch.detekt", version.ref = "detekt" }
ktfmt = { id = "com.ncorti.ktfmt.gradle", version.ref = "ktfmt" }
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index 0b3df29516..d2b14a1f58 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -1,12 +1,5 @@
# See repository root `osv-scanner.toml` for instructions and rules for this file.
#
-# The OWASP Dependency-Check tool is also used for vulnerability scanning.
-
-# h2database: Cleartext Storage of Sensitive Information
-[[IgnoredVulns]]
-id = "CVE-2022-45868" # GHSA-22wj-vf5f-wrvj
-ignoreUntil = 2025-05-02
-reason = "Used by the dependency-check tool and not the app directly."
# netty: HttpPostRequestDecoder can OOM
[[IgnoredVulns]]
diff --git a/android/gradle/verification-keyring.keys b/android/gradle/verification-keyring.keys
index 9c40722f14..ca118d59a2 100644
--- a/android/gradle/verification-keyring.keys
+++ b/android/gradle/verification-keyring.keys
@@ -833,6 +833,51 @@ TRQWLA7F3f/cHDEcbXPURDwC
-----END PGP PUBLIC KEY BLOCK-----
+pub 21939FF0CA2A6567
+uid Alex Herbert (CODE SIGNING KEY) <aherbert@apache.org>
+
+sub A98BD25BE464EA45
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFxmwqABEADNTTxqFiBcLLQwARbc0bmPUlxFl0A0Di9dTycUEjn0wTGS2xgF
+dFxWomZd8R4b/lVb9jHf0r+AEul7U7sBoKinjwk0EuPDAZK5PEy3P8ILcAulwQqW
+8lc+lnjGsmTG6GBecCQMEXeRPZv3DM4kUkljBFG7nDiFLNPfdSQqovZFTsQmmepA
+EUu/t6y0GRrsbbTMipWJtVR+J4aGKX6kJlYgB2Nja1mbaTrI77KupK/VYzi6k6Kk
+tzyxzqapJVDCLS4ypBH2JJLKSWWGghcgoVfeXtmB6iAki/nFNSRQODGru32lnLkU
+0toprQkEh+TM8giT7Ph30VKlBqruNq43qxWZso0GYNrKxStvVB2+CA95oLAyROtG
+6QrePLKkkgW1uQDN3e4iluPirLkd+QoZ4jJku44LyW/dJE63wGUKzlMIPZSb+joq
+730rqovBSayI+snQjvJv2ImfO48yGsx0Gaojv+hKhgPTjKNzQo+QxqhWV3AWHjFn
+j6vwSjDYkx45OSKEZSwfkr4AHHnvYMVb3sFuyM1a6/nQdhsGu5cc9mGvNKmXE71U
+ArDBDq1w129pi3qttrCwxXdUdTE/PtnvQyaKlVX9lD5QLORD1Pis62p4t9CEr+x+
+BaZZdy7PeLAV8pobv7H7jpfhVWnb6SrLfhokA3Uy3gMyfcq9dmIs6iteKQARAQAB
+tDVBbGV4IEhlcmJlcnQgKENPREUgU0lHTklORyBLRVkpIDxhaGVyYmVydEBhcGFj
+aGUub3JnPrkCDQRcZsKgARAA26nkY8QpNQFu/NK31KQ7AkAzYQFBtnvHz2wKgxX0
+WtZ2zoDQaVBfXeoTvlKmMcSx/MULVFvcfzP7+4RHRINcwlDFFOr0iKSrRIOHLUhG
+7/VZbDDN2agUOO0qTJplUj5bF4qfD6hAV+bIX7/K8QqaB7YB2K5D4RoSHRAKIOyc
+HJc+Q4MAeXLdlWBCa2xx/3FiBdu0AF2gBaYc7KVdpEZYK6yAURC/j3rj0SVCSmDc
+W07syOg2WckCRGfCWXJk6kRCnFRfeJJTKteUW3xUaYqHQ1yvd1GKduyzDlWKvb2D
+sl5zyKQJortt/iXCGZUHv1DG9se81xViSTvvoKQfLG7sa4RgoZeotpBhlBOCWFO0
+XAwOmIGazxSSwLj/j+ecYVyOCZdDh3S5SUfcrYFofAeGeECtNyOag5tglQ1zli7W
+9Grahi+M1qFJ4ZLHk8p0Teukb+gqMQEP6NZ+zeBrxv8ixjZHAgWTu0KQsX4ajk+/
+DqrRb2zl6DAA3f3ExYjSj9Ds2BIqsrLtOqw/cyQgEqKwBCz5lm3HHED9BchSooEc
+PGMIx/jJalNI9hb7cP+aPgLMtk+f+Gh/DyfL8taZ5xUit6jxJQf1oKR445IW9IDC
+hpcvHrLclcAAe7JxgsRe1+w3HSq6wd6XVmZMdFAlfuS04U1beXiHj4jFMED180yr
+gwUAEQEAAYkCHwQYAQIACQUCXGbCoAIbDAAKCRAhk5/wyiplZ8j8EACytQj6GJMH
+EYbBF+zvdmLMnnX35eXsI/pEFo83iI6yJMPrqFu9v0xMx0WYP95qSEhJYYrjed0K
+GUO+/VZKI0fR9qtKC5+JdTN98vFTFuUtWK4x+1G8YlKZHjJETyWsjpScAt9C9HtL
+aUk653Tu5qB788TCZDSp3uV824W8LgccQ5bTWMfslnAO9c8i4qx1e5ob8pdbWmTv
+O8KFxZbPup45UXQ88XoyT0KvpVJSGzZ+0OFcRCk7XqQZGhdGhKpwGi/QQHikk5wn
+w27W1L0SmdBAfafFj6KLVLDQO3DYu4OmPBUpsgW93PYfh4gaXYsPdNEPXHNDoXv7
+DJIJZWWEKasjoH8hUPLCHahB8I46nJeGL0Th9rCMa8wm4P/fWAaudy+u579nM4f6
+oz8lEs/IYCLzrnqQRqlca6JgUU6wpLr0d0diXIbIxYfh8uS6y+inl8uDd2nqmnwa
+QHdHpSrPAWvUkuY2R7nd/iWDtt3i+dJgJVdpXaO9ItYYEl7jSn4RU6k/vHDQv1k9
+ABpc1kO4cUiT5IC3cj9ZFNgW8Rei23XRaFQ8eXcbaLhBwcXK8m00nNuZlMdGBdFu
+PGiPNb66a9ruAOlc35TcCH52AWNFVPlPVio51JQ0V4kn16Tk6pIHQX9kgMBzZwkj
+NblrOf6LII4Pqx0ip7s95q54JSpekQZ65g==
+=3q/e
+-----END PGP PUBLIC KEY BLOCK-----
+
+
pub 2606D7987FF1CD22
uid Jeff Davidson <jpd@google.com>
diff --git a/android/gradle/verification-metadata.xml b/android/gradle/verification-metadata.xml
index 5a85b40bb2..df8707401f 100644
--- a/android/gradle/verification-metadata.xml
+++ b/android/gradle/verification-metadata.xml
@@ -205,6 +205,7 @@
<trusting group="org.apache.commons"/>
</trusted-key>
<trusted-key id="B83EB43C8884D8D8B2320940C72D9D97378E9A64" group="com.github.triplet.gradle"/>
+ <trusted-key id="BC87A3FD0A54480F0BADBEBD21939FF0CA2A6567" group="commons-codec" name="commons-codec"/>
<trusted-key id="BCC135FC7ED8214F823D73E97FE9900F412D622E" group="com.google.flatbuffers" name="flatbuffers-java"/>
<trusted-key id="BDB5FA4FE719D787FB3D3197F6D4A1D411E9D1AE" group="^com[.]google($|([.].*))" regex="true"/>
<trusted-key id="C0612048F3393B80B22639B4F067A2FD751AE3E4" group="io.github.davidburstrom.contester" name="contester-breakpoint"/>
@@ -2964,72 +2965,11 @@
<sha256 value="edbabcaf6450a4f63eeffb9b6dd31bbf5d0940aed46c9afc14afa78dc2ea9e7e" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="com.esotericsoftware" name="minlog" version="1.3.1">
- <artifact name="minlog-1.3.1.jar">
- <sha256 value="5d4d632cfbebfe0a7644501cc303570b691406181bee65e9916b921c767d7c72" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="com.facebook" name="ktfmt" version="0.53">
<artifact name="ktfmt-0.53.jar">
<sha256 value="8a65258b547ff3de28d62e8cd2989bafb543b49e165f10e85aaa91557fa55fc6" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="com.fasterxml.jackson.core" name="jackson-annotations" version="2.17.2">
- <artifact name="jackson-annotations-2.17.2.jar">
- <sha256 value="873a606e23507969f9bbbea939d5e19274a88775ea5a169ba7e2d795aa5156e1" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="jackson-annotations-2.17.2.module">
- <sha256 value="28cc43e98e7881803e1e828521e38ab7aed2f977a36c2551dd1790f430f3ebcf" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="com.fasterxml.jackson.core" name="jackson-core" version="2.17.2">
- <artifact name="jackson-core-2.17.2.jar">
- <sha256 value="721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="jackson-core-2.17.2.module">
- <sha256 value="38282fb75c733d2395dd34dc0b59eccbb43aa7cc31a21a2616baaa8afcb7f236" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="com.fasterxml.jackson.core" name="jackson-databind" version="2.17.2">
- <artifact name="jackson-databind-2.17.2.jar">
- <sha256 value="c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="jackson-databind-2.17.2.module">
- <sha256 value="f470bde8944d57d6b150caa8bf53bb982a99eb1d6591e731afcb972ab3dd771f" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="com.fasterxml.jackson.dataformat" name="jackson-dataformat-yaml" version="2.17.2">
- <artifact name="jackson-dataformat-yaml-2.17.2.jar">
- <sha256 value="941bcd8b1381bb3b0d726fab41624fa8ece0ee7b6cf2860ad95e8157ce673376" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="jackson-dataformat-yaml-2.17.2.module">
- <sha256 value="b276d25157f88beea69d3f4434658564b71f31acde1d4b1a14f8984be953c343" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="com.fasterxml.jackson.datatype" name="jackson-datatype-jsr310" version="2.17.2">
- <artifact name="jackson-datatype-jsr310-2.17.2.jar">
- <sha256 value="9b80024a9822e70b07f6bb13824c76c137c1064a1b5eb518374ab141870fdbcc" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="jackson-datatype-jsr310-2.17.2.module">
- <sha256 value="850e9b2edfab154d1b41501b0197351ad67a2baf7e4829a6566212200252a68d" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="com.fasterxml.jackson.module" name="jackson-module-afterburner" version="2.17.2">
- <artifact name="jackson-module-afterburner-2.17.2.jar">
- <sha256 value="5e442a2817a1e70038beed7d46f16d42b8f7ac0e6dd89e769f02f68d9c579ebf" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="jackson-module-afterburner-2.17.2.module">
- <sha256 value="e3c8154af9d83b06dc70905f4d4c015291e513d07a8b04d4222ea2aa91c1b017" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="com.fasterxml.jackson.module" name="jackson-module-blackbird" version="2.17.2">
- <artifact name="jackson-module-blackbird-2.17.2.jar">
- <sha256 value="f5f7b3cd73726d353be4dc40405546b42bbef9d7c4379a89d1248564898e358a" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="jackson-module-blackbird-2.17.2.module">
- <sha256 value="c8b4bbf43a57334e3a6def85013f2241a863bdd5f191b9f3e8a60280c19ced96" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="com.github.ben-manes" name="gradle-versions-plugin" version="0.52.0">
<artifact name="gradle-versions-plugin-0.52.0.jar">
<sha256 value="cee8a151d2e0be9f3a85ca2e5d87a0da5c91a481edf1bc7f7b57b56308fd3c0d" origin="Generated by Gradle"/>
@@ -3038,16 +2978,6 @@
<sha256 value="afa70be4ed21eb8e9027684f15fa5e2975f3d2e46d22937bea39a10e48f79ddd" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="com.github.package-url" name="packageurl-java" version="1.5.0">
- <artifact name="packageurl-java-1.5.0.jar">
- <sha256 value="e45551727707acc0c56ac62d56964332ea0f138d6cc3656d988b9369150f5247" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="com.github.spullara.mustache.java" name="compiler" version="0.9.6">
- <artifact name="compiler-0.9.6.jar">
- <sha256 value="c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="com.github.triplet.gradle" name="android-publisher" version="3.12.1">
<artifact name="android-publisher-3.12.1.jar">
<sha256 value="97b478e2a8c0a27e2256a58a182d8dd509b2c107b32d838f4d42cbb2c687dca5" origin="Generated by Gradle"/>
@@ -3250,11 +3180,6 @@
<sha256 value="d1f3c66aa91ac52549e00ae3b208ba4b9af7d72d68f230643553beb38e6118ac" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="com.google.errorprone" name="error_prone_annotations" version="2.26.1">
- <artifact name="error_prone_annotations-2.26.1.jar">
- <sha256 value="de25f2d9a2156529bd765f51d8efdfc0dfa7301e04efb9cc75b7f10cf5d0e0fb" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="com.google.errorprone" name="error_prone_annotations" version="2.30.0">
<artifact name="error_prone_annotations-2.30.0.jar">
<sha256 value="144f3aefbd6e27daec55d3753b2c6b13c1afdaf0cf04816cdb564588ed92f1bd" origin="Generated by Gradle"/>
@@ -3318,14 +3243,6 @@
<sha256 value="f5fff7642c12e7627bc14289fd267e2602c17f9590e23522c3e63107f61c2942" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="com.google.guava" name="guava" version="33.2.1-jre">
- <artifact name="guava-33.2.1-jre.jar">
- <sha256 value="452b2d9787b7d366fa8cf5ed9a1c40404542d05effa7a598da03bbbbb76d9f31" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="guava-33.2.1-jre.module">
- <sha256 value="d23eda6a1c2c0bd25f8a3346cddeec43b51f75bf819b931eaa98326ea6447422" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="com.google.guava" name="guava" version="33.3.1-android">
<artifact name="guava-33.3.1-android.jar">
<sha256 value="2c3e41d1b380f2044d257947a3aa82dabf3ae4b978622745254aa18b6cf89ab0" origin="Generated by Gradle"/>
@@ -3471,21 +3388,6 @@
<sha256 value="757bfe906193b8b651e79dc26cd67d6b55d0770a2cdfb0381591504f779d4a76" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="com.h2database" name="h2" version="2.1.214">
- <artifact name="h2-2.1.214.jar">
- <sha256 value="d623cdc0f61d218cf549a8d09f1c391ff91096116b22e2475475fce4fbe72bd0" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="com.h3xstream.retirejs" name="retirejs-core" version="3.0.4">
- <artifact name="retirejs-core-3.0.4.jar">
- <sha256 value="ef429049b1e828bfce0a98869765a7f10d7daf41acb03201fcd3404f424d0c37" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="com.hankcs" name="aho-corasick-double-array-trie" version="1.2.3">
- <artifact name="aho-corasick-double-array-trie-1.2.3.jar">
- <sha256 value="564f0fc690d50702a313510b9a72e9505ace6e81108e84f65de4feb0da244eb8" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="com.jakewharton.android.repackaged" name="dalvik-dx" version="9.0.0_r3">
<artifact name="dalvik-dx-9.0.0_r3.jar">
<sha256 value="b29c1c21e52ed6238cd3fed39d880a17ecf2360118604548cea8821be6801e1c" origin="Generated by Gradle"/>
@@ -3507,11 +3409,6 @@
<sha256 value="84b26973004dad1f990279400f29bbc7130cda8e1e9925239ebb71f42bb5f1d4" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="com.moandjiezana.toml" name="toml4j" version="0.7.2">
- <artifact name="toml4j-0.7.2.jar">
- <sha256 value="f5475e63e7e89e5db62223489aec7a56bd303543772077a17c2cb54c19ca3a20" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="com.ncorti.ktfmt.gradle" name="plugin" version="0.21.0">
<artifact name="plugin-0.21.0.jar">
<sha256 value="68a17af8ec1b9e5c305dec02b76eca40d63de2d4da9f07860f00d931f53fb99f" origin="Generated by Gradle"/>
@@ -3520,11 +3417,6 @@
<sha256 value="3414537fd7a6294ad9b9516e481b2ebeb535f5ab58f97bc309025230f48da9e3" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="com.samskivert" name="jmustache" version="1.15">
- <artifact name="jmustache-1.15.jar">
- <sha256 value="1aeb96b9dc17bc29540b8c3342e8e91ee974d5c604165ecd469dd76b041c250c" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="com.squareup" name="javapoet" version="1.10.0">
<artifact name="javapoet-1.10.0.jar">
<sha256 value="20ef4b82e43ff7c652281a21313cf3b941092467add3fa73509c26f6969efdab" origin="Generated by Gradle"/>
@@ -3742,11 +3634,6 @@
<sha256 value="056f3a1e144409f21ed16afc26805f58e9a21f3fce1543c42d400719d250c511" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="com.vaadin.external.google" name="android-json" version="0.0.20131108.vaadin1">
- <artifact name="android-json-0.0.20131108.vaadin1.jar">
- <sha256 value="dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="commons-beanutils" name="commons-beanutils" version="1.9.4">
<artifact name="commons-beanutils-1.9.4.jar">
<sha256 value="7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a" origin="Generated by Gradle"/>
@@ -3757,9 +3644,9 @@
<sha256 value="4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="commons-codec" name="commons-codec" version="1.17.1">
- <artifact name="commons-codec-1.17.1.jar">
- <sha256 value="f9f6cb103f2ddc3c99a9d80ada2ae7bf0685111fd6bffccb72033d1da4e6ff23" origin="Generated by Gradle"/>
+ <component group="commons-codec" name="commons-codec" version="1.15">
+ <artifact name="commons-codec-1.15.jar">
+ <sha256 value="b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63" origin="Generated by Gradle"/>
</artifact>
</component>
<component group="commons-collections" name="commons-collections" version="3.2.2">
@@ -3777,11 +3664,6 @@
<sha256 value="671eaa39688dac2ffaa4645b3c9980ae2d0ea2471e4ae6a5da199cd15ae23666" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="commons-io" name="commons-io" version="2.16.1">
- <artifact name="commons-io-2.16.1.jar">
- <sha256 value="f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="commons-logging" name="commons-logging" version="1.2">
<artifact name="commons-logging-1.2.jar">
<sha256 value="daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636" origin="Generated by Gradle"/>
@@ -4000,22 +3882,6 @@
<sha256 value="9990a2039778f6b4cc94790141c2868864eacee0620c6c459451121a901cd5b5" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="io.github.jeremylong" name="jcs3-slf4j" version="1.0.5">
- <artifact name="jcs3-slf4j-1.0.5.jar">
- <sha256 value="5b2129a9115d17c9fb65b143f375ab0c15f850248fd5aa0f3307d2cc618df09b" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="jcs3-slf4j-1.0.5.module">
- <sha256 value="5c15b09d4344c64b9b1fe2f38d247467e4b775a5908a4c4af9f01f8fd7a14ecf" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="io.github.jeremylong" name="open-vulnerability-clients" version="6.1.7">
- <artifact name="open-vulnerability-clients-6.1.7.jar">
- <sha256 value="1d037f9461f4ee3d5013c3bb81a2bd6efebde8751fc9c7db36f1354df7b6d3a2" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="open-vulnerability-clients-6.1.7.module">
- <sha256 value="17f21d9805d82024a325f1bce5e00924f5728c8f3e4f59a5a99a78aafe8304f3" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="io.github.raamcosta.compose-destinations" name="codegen" version="2.1.0-beta15">
<artifact name="codegen-2.1.0-beta15.jar">
<sha256 value="4c1ba3c51dfaebd74173f6a5d3a92abaa8268f10eb42e90167ceb6651388c53e" origin="Generated by Gradle"/>
@@ -4867,21 +4733,11 @@
<sha256 value="8b0a0f52fa8b05c5431921a063ed866efaa41dadf2e3a7ee3e1961f2b0d9645b" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="jakarta.transaction" name="jakarta.transaction-api" version="1.3.3">
- <artifact name="jakarta.transaction-api-1.3.3.jar">
- <sha256 value="0b02a194dd04ee2e192dc9da9579e10955dd6e8ac707adfc91d92f119b0e67ab" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="jakarta.xml.bind" name="jakarta.xml.bind-api" version="2.3.2">
<artifact name="jakarta.xml.bind-api-2.3.2.jar">
<sha256 value="69156304079bdeed9fc0ae3b39389f19b3cc4ba4443bc80508995394ead742ea" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="javax.activation" name="javax.activation-api" version="1.2.0">
- <artifact name="javax.activation-api-1.2.0.jar">
- <sha256 value="43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="javax.annotation" name="javax.annotation-api" version="1.3.2">
<artifact name="javax.annotation-api-1.3.2.jar">
<sha256 value="e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b" origin="Generated by Gradle"/>
@@ -4892,21 +4748,6 @@
<sha256 value="91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="javax.ws.rs" name="javax.ws.rs-api" version="2.0.1">
- <artifact name="javax.ws.rs-api-2.0.1.jar">
- <sha256 value="38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="javax.xml.bind" name="jaxb-api" version="2.3.1">
- <artifact name="jaxb-api-2.3.1.jar">
- <sha256 value="88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="joda-time" name="joda-time" version="2.10.4">
- <artifact name="joda-time-2.10.4.jar">
- <sha256 value="ac6fda8989775776f428df8b5a4517cdb06d923465abf9bda0746ec07dfcc657" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="joda-time" name="joda-time" version="2.13.0">
<artifact name="joda-time-2.13.0.jar">
<sha256 value="a9b450d96d90616f9fe5657a29385b4d0077f99f8bc80841f93e2545a3cd623e" origin="Generated by Gradle"/>
@@ -4932,11 +4773,6 @@
<sha256 value="461ec3017f1445b0af42d4e5f08eb6f5032fa4039ad737f3fcc4b2a12a38f984" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="net.gpedro.integrations.slack" name="slack-webhook" version="1.4.0">
- <artifact name="slack-webhook-1.4.0.jar">
- <sha256 value="b9a660e20beab43392847d922c13045c5319eccabf4292b96ff91a74ee8d9865" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="net.java.dev.jna" name="jna" version="5.6.0">
<artifact name="jna-5.6.0.jar">
<sha256 value="5557e235a8aa2f9766d5dc609d67948f2a8832c2d796cea9ef1d6cbe0b3b7eaf" origin="Generated by Gradle"/>
@@ -4957,51 +4793,11 @@
<sha256 value="f264dd9f79a1fde10ce5ecc53221eff24be4c9331c830b7d52f2f08a7b633de2" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.anarres.jdiagnostics" name="jdiagnostics" version="1.0.7">
- <artifact name="jdiagnostics-1.0.7.jar">
- <sha256 value="7c7fe5347ce2d147ff7bc372f4b2e110d60261fb0f2809e719e3c56ca52ee3d7" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.commons" name="commons-collections4" version="4.4">
- <artifact name="commons-collections4-4.4.jar">
- <sha256 value="1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="org.apache.commons" name="commons-compress" version="1.21">
<artifact name="commons-compress-1.21.jar">
<sha256 value="6aecfd5459728a595601cfa07258d131972ffc39b492eb48bdd596577a2f244a" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.apache.commons" name="commons-compress" version="1.27.0">
- <artifact name="commons-compress-1.27.0.jar">
- <sha256 value="50816a36aaaaa823247fe2e932b1f2d8aa026ca3515d9163c44be89fdb6b872b" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.commons" name="commons-dbcp2" version="2.12.0">
- <artifact name="commons-dbcp2-2.12.0.jar">
- <sha256 value="9b81ea663b9db255bcec6b08a9245edd05bddb155c49343eef09b6d81558ed3e" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.commons" name="commons-jcs3-core" version="3.2.1">
- <artifact name="commons-jcs3-core-3.2.1.jar">
- <sha256 value="12c6fe08223820089f60969b6088e6ac5d358aa872de78357585cdacb6c61049" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.commons" name="commons-lang3" version="3.15.0">
- <artifact name="commons-lang3-3.15.0.jar">
- <sha256 value="4905090022def3809e97963832fc8b2421fda800853c94d3cdbf1ad3011d9756" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.commons" name="commons-pool2" version="2.12.0">
- <artifact name="commons-pool2-2.12.0.jar">
- <sha256 value="6d3bd18df8410f3e31b031aca582cc109342358a62a2759ebd0c4cdf30d06f8b" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.commons" name="commons-text" version="1.12.0">
- <artifact name="commons-text-1.12.0.jar">
- <sha256 value="de023257ff166044a56bd1aa9124e843cd05dac5806cc705a9311f3556d5a15f" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="org.apache.httpcomponents" name="httpclient" version="4.5.14">
<artifact name="httpclient-4.5.14.jar">
<sha256 value="c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6" origin="Generated by Gradle"/>
@@ -5022,51 +4818,6 @@
<sha256 value="0b2b1102c18d3c7e05a77214b9b7501a6f6056174ae5604e0e256776eda7553e" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.apache.httpcomponents.client5" name="httpclient5" version="5.3.1">
- <artifact name="httpclient5-5.3.1.jar">
- <sha256 value="08346a757c617f6ecc66af9f099260adde1f3a1351fa81cb22fc17482b31f823" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.httpcomponents.core5" name="httpcore5" version="5.2.4">
- <artifact name="httpcore5-5.2.4.jar">
- <sha256 value="a7f62496113f66f9e27c26b84c44f5ce4555c6270083cdf2d45f255336cd52af" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.httpcomponents.core5" name="httpcore5-h2" version="5.2.4">
- <artifact name="httpcore5-h2-5.2.4.jar">
- <sha256 value="dc1a95e73eb04db93451533d390ce02c53b301a10dc343d08c862f2934b3d30e" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.lucene" name="lucene-analyzers-common" version="8.11.3">
- <artifact name="lucene-analyzers-common-8.11.3.jar">
- <sha256 value="99392f2d8acb9a9e8676951f96b0c191604c541d3f2bf623c60f1801dfa2b1b9" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.lucene" name="lucene-core" version="8.11.3">
- <artifact name="lucene-core-8.11.3.jar">
- <sha256 value="a28ab240d1894806dc7d26dfc19606065baf0f39b08233fd9ed7898f38e55f48" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.lucene" name="lucene-queries" version="8.11.3">
- <artifact name="lucene-queries-8.11.3.jar">
- <sha256 value="a51bf95e88507bb855dce62e634902bfa4efb6b8e2e9e673a3bb85c146f8ee25" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.lucene" name="lucene-queryparser" version="8.11.3">
- <artifact name="lucene-queryparser-8.11.3.jar">
- <sha256 value="5a2fff4cbc3ea6b0dfe1bb66034ddc9875e7a78a15cc0fbbeca97526ec857136" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.lucene" name="lucene-sandbox" version="8.11.3">
- <artifact name="lucene-sandbox-8.11.3.jar">
- <sha256 value="aa6da440f02d8b36915cf56d2aec6d6a31cee75d9476da16567b046ee362ecae" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.apache.velocity" name="velocity-engine-core" version="2.3">
- <artifact name="velocity-engine-core-2.3.jar">
- <sha256 value="b086cee8fd8183e240b4afcf54fe38ec33dd8eb0da414636e5bf7aa4d9856629" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="org.apiguardian" name="apiguardian-api" version="1.1.2">
<artifact name="apiguardian-api-1.1.2.jar">
<sha256 value="b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38" origin="Generated by Gradle"/>
@@ -5080,11 +4831,6 @@
<sha256 value="808fb3166f3e67dad9811c331029ab1681242fd52b735bc3f33f281167fcc72e" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.bouncycastle" name="bcpg-jdk18on" version="1.71">
- <artifact name="bcpg-jdk18on-1.71.jar">
- <sha256 value="57f9ab76a8358abbea90ba1ef8e553b8ae3d07b2337078a4ca20b1cbd48b4ec5" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="org.bouncycastle" name="bcpkix-jdk18on" version="1.77">
<artifact name="bcpkix-jdk18on-1.77.jar">
<sha256 value="1ac7fe8efd5b2f38cdc165be5a0675734fe44808dab92707201f03a535d6f1b8" origin="Generated by Gradle"/>
@@ -5116,14 +4862,6 @@
<sha256 value="7258a769dcaa26b98154d229d85cc72e5b3666b0bcb637d2daf16ec498956638" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.checkerframework" name="checker-qual" version="3.42.0">
- <artifact name="checker-qual-3.42.0.jar">
- <sha256 value="ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="checker-qual-3.42.0.module">
- <sha256 value="e0fa622b7de63eae11047ef6e91b4c2ad0f1f0e13cb903ff52080a47f57a5746" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="org.checkerframework" name="checker-qual" version="3.43.0">
<artifact name="checker-qual-3.43.0.jar">
<sha256 value="3fbc2e98f05854c3df16df9abaa955b91b15b3ecac33623208ed6424640ef0f6" origin="Generated by Gradle"/>
@@ -5147,21 +4885,6 @@
<sha256 value="c720e6e5bcbe6b2f48ded75a47bccdb763eede79d14330102e0d352e3d89ed92" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.eclipse.packager" name="packager-core" version="0.19.0">
- <artifact name="packager-core-0.19.0.jar">
- <sha256 value="f57988a8b36da005353ba5d5a3414766e198aa54e1fb7d363aff1e3dd847d48a" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.eclipse.packager" name="packager-rpm" version="0.19.0">
- <artifact name="packager-rpm-0.19.0.jar">
- <sha256 value="f2550b2f4eb1d667e766815d98a3d43c95a3de7e68cb19065515980be689f13d" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.glassfish" name="javax.json" version="1.1.4">
- <artifact name="javax.json-1.1.4.jar">
- <sha256 value="17fdeb7e22375a7fb40bb0551306f6dcf2b5743078668adcdf6c642c9a9ec955" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="org.glassfish.jaxb" name="jaxb-runtime" version="2.3.2">
<artifact name="jaxb-runtime-2.3.2.jar">
<sha256 value="e6e0a1e89fb6ff786279e6a0082d5cef52dc2ebe67053d041800737652b4fd1b" origin="Generated by Gradle"/>
@@ -6366,21 +6089,6 @@
<sha256 value="0ff70e2131f2a6575822f7611c05e283c4ae08173303f410494cb41289bd3ef6" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.jsoup" name="jsoup" version="1.17.2">
- <artifact name="jsoup-1.17.2.jar">
- <sha256 value="f60b33b38e9d7ac93eaaa68a6c70f706bb99036494b2e2add2bfee11d09ac6f5" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.junit" name="junit-bom" version="5.10.0">
- <artifact name="junit-bom-5.10.0.module">
- <sha256 value="eb3ee6127608010694a898056e7407d117296003aba5f5db801df430b9887fcf" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.junit" name="junit-bom" version="5.10.1">
- <artifact name="junit-bom-5.10.1.module">
- <sha256 value="21b0afcfffe2ecb3770f5eb00ae7a19feaee94e771fa3918173850dae78067b7" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="org.junit" name="junit-bom" version="5.10.2">
<artifact name="junit-bom-5.10.2.module">
<sha256 value="de23b114b3e4119a8fe6eb17bed5a3852816698bace67071579d6d927ebb080a" origin="Generated by Gradle"/>
@@ -6391,11 +6099,6 @@
<sha256 value="8f632f8965e9b6f4069e3d58b9ea26b9a5bc76a98e89b43233777ace6dadb237" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.junit" name="junit-bom" version="5.11.0-M2">
- <artifact name="junit-bom-5.11.0-M2.module">
- <sha256 value="86477abcf490d6ca059aa9973cb108d22a506f49d1a5569bb32cc6cbf43c2cce" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="org.junit" name="junit-bom" version="5.11.1">
<artifact name="junit-bom-5.11.1.module">
<sha256 value="e362fb8167202d6f0d4a5b16707c5324510fd2903d53649888c4496ac81c337e" origin="Generated by Gradle"/>
@@ -6580,32 +6283,9 @@
<sha256 value="37a6414d36641973f1af104937c95d6d921b2ddb4d612c66c5a9f2b13fc14211" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.owasp" name="dependency-check-core" version="10.0.4">
- <artifact name="dependency-check-core-10.0.4.jar">
- <sha256 value="46608cb7b45fa42b0d902f264eadfc7ecad01da00764b37d0a6c49a257a30aae" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.owasp" name="dependency-check-gradle" version="10.0.4">
- <artifact name="dependency-check-gradle-10.0.4.jar">
- <sha256 value="16eb74f015d1ed54eebb826db03f45790a9c92ac6590cfe7ff59ad670b96a14e" origin="Generated by Gradle"/>
- </artifact>
- <artifact name="dependency-check-gradle-10.0.4.module">
- <sha256 value="3494c8e433828dadc76e1ca2117ef9d12d476a7e070a027271e0cee3cae03c50" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.owasp" name="dependency-check-utils" version="10.0.4">
- <artifact name="dependency-check-utils-10.0.4.jar">
- <sha256 value="71528712cde651f9f1d24f5d33b2dd6ec2ef9dd18f54dfb8e45a53ff8f54f12b" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.semver4j" name="semver4j" version="5.3.0">
- <artifact name="semver4j-5.3.0.jar">
- <sha256 value="dece0c947a8e10f62e1f4a417d462e6fe69c1a20fe07ac8d4e0cfe495cdc3dba" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.slf4j" name="slf4j-api" version="1.7.36">
- <artifact name="slf4j-api-1.7.36.jar">
- <sha256 value="d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0" origin="Generated by Gradle"/>
+ <component group="org.slf4j" name="slf4j-api" version="1.7.30">
+ <artifact name="slf4j-api-1.7.30.jar">
+ <sha256 value="cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57" origin="Generated by Gradle"/>
</artifact>
</component>
<component group="org.slf4j" name="slf4j-api" version="2.0.16">
@@ -6618,45 +6298,10 @@
<sha256 value="4053f878c171692aab8782f53a3974f43e55e2b6ed12c3682b36a46968c5ded1" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.sonatype.goodies" name="package-url-java" version="1.1.1">
- <artifact name="package-url-java-1.1.1.jar">
- <sha256 value="15297862342b494a535742fba90ea8a321cd13e1d0dc4c61b7a3b18ce385e1a8" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.sonatype.ossindex" name="ossindex-service-api" version="1.8.2">
- <artifact name="ossindex-service-api-1.8.2.jar">
- <sha256 value="61fb04e93cf2991718057956f92534cbf1494ed5e74250b9dfd6c012bc379aa8" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.sonatype.ossindex" name="ossindex-service-client" version="1.8.2">
- <artifact name="ossindex-service-client-1.8.2.jar">
- <sha256 value="ef692b99e11e558524036447daedf7cb98285407d4db7af579a5914c265f981b" origin="Generated by Gradle"/>
- </artifact>
- </component>
<component group="org.tensorflow" name="tensorflow-lite-metadata" version="0.1.0-rc2">
<artifact name="tensorflow-lite-metadata-0.1.0-rc2.jar">
<sha256 value="2c2a264f842498c36d34d2a7b91342490d9a962862c85baac1acd54ec2fca6d9" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.tukaani" name="xz" version="1.9">
- <artifact name="xz-1.9.jar">
- <sha256 value="211b306cfc44f8f96df3a0a3ddaf75ba8c5289eed77d60d72f889bb855f535e5" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.whitesource" name="pecoff4j" version="0.0.2.1">
- <artifact name="pecoff4j-0.0.2.1.jar">
- <sha256 value="847373828e0490babdfaed2b048ed3908dc1a8de82d4c8e6ebab9bfd0a294ed6" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="org.yaml" name="snakeyaml" version="2.2">
- <artifact name="snakeyaml-2.2.jar">
- <sha256 value="1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b" origin="Generated by Gradle"/>
- </artifact>
- </component>
- <component group="us.springett" name="cpe-parser" version="2.1.0">
- <artifact name="cpe-parser-2.1.0.jar">
- <sha256 value="236563451f0923ee0e9ed0af0ceb72d2813300004fd4cb25b12eac128c56c476" origin="Generated by Gradle"/>
- </artifact>
- </component>
</components>
</verification-metadata>
diff --git a/android/test/e2e/build.gradle.kts b/android/test/e2e/build.gradle.kts
index 500a1e27cd..5fc0c600cf 100644
--- a/android/test/e2e/build.gradle.kts
+++ b/android/test/e2e/build.gradle.kts
@@ -136,15 +136,6 @@ androidComponents {
}
}
-configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
- // Skip the lintClassPath configuration, which relies on many dependencies that has been flagged
- // to have CVEs, as it's related to the lint tooling rather than the project's compilation class
- // path. The alternative would be to suppress specific CVEs, however that could potentially
- // result in suppressed CVEs in project compilation class path.
- skipConfigurations = listOf("lintClassPath")
- suppressionFile = "$projectDir/../test-suppression.xml"
-}
-
dependencies {
implementation(projects.test.common)
implementation(projects.lib.endpoint)
diff --git a/android/test/mockapi/build.gradle.kts b/android/test/mockapi/build.gradle.kts
index 166a389553..a224b8c53f 100644
--- a/android/test/mockapi/build.gradle.kts
+++ b/android/test/mockapi/build.gradle.kts
@@ -61,15 +61,6 @@ android {
}
}
-configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
- // Skip the lintClassPath configuration, which relies on many dependencies that has been flagged
- // to have CVEs, as it's related to the lint tooling rather than the project's compilation class
- // path. The alternative would be to suppress specific CVEs, however that could potentially
- // result in suppressed CVEs in project compilation class path.
- skipConfigurations = listOf("lintClassPath")
- suppressionFile = "$projectDir/../test-suppression.xml"
-}
-
dependencies {
implementation(projects.lib.endpoint)
implementation(projects.test.common)
diff --git a/android/test/test-suppression.xml b/android/test/test-suppression.xml
deleted file mode 100644
index cb6bd25a19..0000000000
--- a/android/test/test-suppression.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
- <suppress until="2024-09-01Z">
- <notes><![CDATA[
- False-positive related to Drupal rather than Android development.
- https://nvd.nist.gov/vuln/detail/CVE-2014-9152
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
- <cve>CVE-2014-9152</cve>
- </suppress>
- <suppress until="2024-12-01Z">
- <notes><![CDATA[
- No impact on this app since it uses UDS rather than HTTP2.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/io\.grpc/grpc.*-stub@.*$</packageUrl>
- <cve>CVE-2023-32732</cve>
- <cve>CVE-2023-33953</cve>
- <cve>CVE-2023-44487</cve>
- </suppress>
- <suppress until="2024-12-01Z">
- <notes><![CDATA[
- Denial of service using protobuf.
- Should not be applicable since client and server are always in sync and we are only
- communicating locally over UDS.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl>
- <cve>CVE-2024-7254</cve>
- </suppress>
-</suppressions>
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.