| Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
This fixes the following transitive CVEs in Compose:
- CVE-2022-3171
- CVE-2022-3510
However, the mentioned CVEs are still present via the
espresso-contrib dependency.
|
|
|
|
|
|
CVEs:
- CVE-2020-8908
- CVE-2021-37714
- CVE-2022-36033
|
|
|
|
|
|
This CVE has been fixed upstream.
|
|
This CVE affects the Apache Commons Net's FTP client that this app doesn't use.
https://www.openwall.com/lists/oss-security/2022/12/03/1
File names:
- commons-beanutils-1.9.4.jar
- commons-collections-3.2.2.jar
- commons-digester-2.1.jar
- commons-logging-1.2.jar
- commons-validator-1.7.jar
|
|
This suppression only affects the Android app.
The CVE will instead be tracked externally and will likely be mitigated
by either updating affected dependencies or by identifying that it
doesn't affect the app.
|
|
|
|
The CVE (CVE-2022-24329) only affects "Multiplatform Gradle Projects"
according to the CVE description, which this is not, and therefore it's
considered a false positive.
|