path: root/android/config/dependency-check-suppression.xml
Age | Commit message | Author | Files | Lines
2025-02-04 | Remove OWASP dependency check plugin | Albin | 1 | -59/+0
  The OWASP DependencyCheck plugin has been replaced with `osv-scanner` which covers our use-case.
2025-02-03 | Bump dates of dependency check suppressions | Jonatan Rhodin | 1 | -1/+1
2025-01-07 | Extend CVE suppression | David Göransson | 1 | -1/+1
2024-12-17 | Extend expiry date | David Göransson | 1 | -4/+4
2024-11-01 | Push suppression of CVE-2022-24329 | Albin | 1 | -1/+1
2024-10-04 | Suppress CVE-2024-47554 | Albin | 1 | -0/+7
2024-09-23 | Suppress CVE-2024-7254 | Jonatan Rhodin | 1 | -0/+9
2024-09-17 | Remove old false-positive CVE suppression | David Göransson | 1 | -8/+0
2024-09-17 | Extend CVE suppression for ksp false-positive | David Göransson | 1 | -1/+1
2024-06-27 | Suppress false-positive CVE | David Göransson | 1 | -0/+7
2024-06-07 | Suppress gRPC CVEs | Albin | 1 | -0/+16
  These CVEs are a combination of a false-positive and CVEs not affecting our app.
2024-06-07 | Remove outdated suppression for CVE-2023-3635 | Albin | 1 | -10/+0
2024-06-07 | Push suppression of CVE-2018-1000840 | Albin | 1 | -1/+1
  Pushing the suppression a few months so that we can revisit it after bumping to K2.
2024-05-06 | Push suppression date for CVE-2022-24329 | Albin | 1 | -1/+1
  Reasons:
  * Not affecting our project.
  * Transitive dependency that requires update in upstream dependencies.
2024-05-06 | Remove outdated suppression rules | Albin | 1 | -42/+0
2024-04-15 | Suppress Joda-Time CVE-2024-23080 | Albin | 1 | -0/+9
2024-03-12 | Suppress false-positive CVE-2014-9152 | Albin | 1 | -0/+8
2023-12-14 | Add compose destinations navigation dependency | David Göransson | 1 | -0/+9
2023-12-06 | Update CVE suppression | David Göransson | 1 | -1/+1
2023-11-06 | Push suppression date for unfixed non-critical CVEs | Albin | 1 | -3/+3
2023-09-14 | Push suppression date for CVE-2023-2976 | Albin | 1 | -1/+1
  Pushing the suppression date since not much new information is available and no upstream release has been made of the affected library (espresso).
2023-07-27 | Suppress CVE-2023-3635 | Albin | 1 | -0/+10
2023-06-07 | Update gradle dependency suppressions | Albin | 1 | -69/+7
2023-05-19 | Bump kotlin and agp | Albin | 1 | -0/+8
2023-05-03 | Push suppression review date | Albin | 1 | -7/+7
  New review date: 2023-06-01
2023-01-10 | Suppress CVE-2021-4277 | Albin | 1 | -0/+20
2022-12-16 | Update compose to 1.3.2 | Albin | 1 | -11/+0
  This fixes the following transitive CVEs in Compose:
  - CVE-2022-3171
  - CVE-2022-3510
  However, the mentioned CVEs are still present via the espresso-contrib dependency.
2022-12-13 | Set CVE suppression expiration to 2023-05-01 | Albin | 1 | -8/+8
2022-12-13 | Suppress CVE-2022-3510 | Albin | 1 | -0/+1
2022-12-08 | Suppress test framework CVEs | Albin | 1 | -0/+40
  CVEs:
  - CVE-2020-8908
  - CVE-2021-37714
  - CVE-2022-36033
2022-12-08 | Update suppression of CVE-2022-3171 | Albin | 1 | -1/+14
2022-12-08 | Update suppression of CVE-2021-22569 | Albin | 1 | -3/+5
2022-12-08 | Remove suppression of CVE-2022-24329 | Albin | 1 | -6/+0
  This CVE has been fixed upstream.
2022-12-08 | Suppress CVE-2021-37533 | Albin | 1 | -0/+15
  This CVE affects the Apache Commons Net's FTP client that this app doesn't use.
  https://www.openwall.com/lists/oss-security/2022/12/03/1
  File names:
  - commons-beanutils-1.9.4.jar
  - commons-collections-3.2.2.jar
  - commons-digester-2.1.jar
  - commons-logging-1.2.jar
  - commons-validator-1.7.jar
2022-10-07 | Suppress CVE-2022-3171 from automatic audit checks | Albin | 1 | -0/+7
  This suppression only affects the Android app. The CVE will instead be tracked externally and will likely be mitigated by either updating affected dependencies or by identifying that it doesn't affect the app.
2022-06-15 | Suppress false positive CVE-2021-22569 | Albin | 1 | -0/+8
2022-03-09 | Suppress false positive Android CVE | Albin | 1 | -0/+9
  The CVE (CVE-2022-24329) only affects "Multiplatform Gradle Projects" according to the CVE description, which this is not, and therefore it's considered a false positive.