summaryrefslogtreecommitdiffhomepage
path: root/android/config
AgeCommit message (Collapse)AuthorFilesLines
2024-06-07Push suppression of CVE-2018-1000840Albin1-1/+1
Pushing the suppression a few months so that we can revisit it after bumping to K2.
2024-05-29Migrate to gRPCDavid Göransson1-11/+11
Co-authored-by: Jonatan Rhodin <jonatan.rhodin@mullvad.net> Co-authored-by: Markus Pettersson <markus.pettersson@mullvad.net> Co-authored-by: David Lönnhager <david.l@mullvad.net>
2024-05-06Push suppression date for CVE-2022-24329Albin1-1/+1
Reasons: * Not affecting our project. * Transitive dependency that require update in upstream dependencies.
2024-05-06Remove outdated suppression rulesAlbin1-42/+0
2024-04-15Suppress Joda-Time CVE-2024-23080Albin1-0/+9
2024-03-20Remove suppression of tapjackingJonatan Rhodin1-3/+0
2024-03-12Suppress false-positive CVE-2014-9152Albin1-0/+8
2024-02-19Allow any length for test namesJonatan Rhodin1-0/+1
2024-02-05Add baselineDavid Göransson1-0/+616
2024-02-05Apply custom compose, report and other detekt rulesDavid Göransson1-37/+163
2024-02-05Add default generated detekt configDavid Göransson1-0/+784
2023-12-14Add compose destinations navigation dependencyDavid Göransson1-0/+9
2023-12-06Update CVE suppressionDavid Göransson1-1/+1
2023-11-22Add mobsf config to suppress and document issuesAlbin1-0/+28
2023-11-06Push suppression date for unfixed non-critical CVEsAlbin1-3/+3
2023-09-14Push suppression date for CVE-2023-2976Albin1-1/+1
Pushing the suppression date since not much new information is available and no upstream release has been made of the affected library (espresso).
2023-07-27Suppress CVE-2023-3635Albin1-0/+10
2023-06-13Set lint to ignore typography ellipsis errorsJonatan Rhodin1-0/+2
2023-06-07Update gradle dependency suppressionsAlbin1-69/+7
2023-05-19Bump kotlin and agpAlbin1-0/+8
2023-05-15Ignore unused resource warning for stringsAlbin1-0/+3
2023-05-03Push suppression review dateAlbin1-7/+7
New review date: 2023-06-01
2023-03-28Ignore localization workflow related lint rulesAlbin1-1/+3
2023-03-16Ignore MissingTranslation issuesAlbin1-0/+2
2023-03-16Add empty lint configAlbin1-0/+3
2023-01-10Suppress CVE-2021-4277Albin1-0/+20
2022-12-16Update compose to 1.3.2Albin1-11/+0
This fixes the following transitive CVEs in Compose: - CVE-2022-3171 - CVE-2022-3510 However, the mentioned CVEs are still present via the espresso-contrib dependency.
2022-12-13Set CVE suppression expiration to 2023-05-01Albin1-8/+8
2022-12-13Suppress CVE-2022-3510Albin1-0/+1
2022-12-08Suppress test framework CVEsAlbin1-0/+40
CVEs: - CVE-2020-8908 - CVE-2021-37714 - CVE-2022-36033
2022-12-08Update suppression of CVE-2022-3171Albin1-1/+14
2022-12-08Update suppression of CVE-2021-22569Albin1-3/+5
2022-12-08Remove suppression of CVE-2022-24329Albin1-6/+0
This CVE has been fixed upstream.
2022-12-08Suppress CVE-2021-37533Albin1-0/+15
This CVE affects the Apache Commons Net's FTP client that this app doesn't use. https://www.openwall.com/lists/oss-security/2022/12/03/1 File names: - commons-beanutils-1.9.4.jar - commons-collections-3.2.2.jar - commons-digester-2.1.jar - commons-logging-1.2.jar - commons-validator-1.7.jar
2022-10-07Suppress CVE-2022-3171 from automatic audit checksAlbin1-0/+7
This suppression only affects the Android app. The CVE will instead be tracked externally and will likely be mitigated by either updating affected dependencies or by identifying that it doesn't affect the app.
2022-06-15Suppress false positive CVE-2021-22569Albin1-0/+8
2022-03-09Suppress false positive Android CVEAlbin1-0/+9
The CVE (CVE-2022-24329) only affects "Multiplatform Gradle Projects" according to the CVE description, which this is not, and therefore it's considered a false positive.
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.