path: root/android/config/dependency-check-suppression.xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <!--
      Time-boxed suppression of CVE-2020-8908 for Guava. The rule stops applying after the
      "until" date, at which point the finding resurfaces and has to be reviewed again.
      NOTE(review): the packageUrl regex ends in "@.*", so it matches every Guava version, and
      nothing in this rule restricts it to a Gradle configuration. The notes justify it only for
      guava-28.2-android.jar on debugAndroidTestRuntimeClasspath; if Guava also reaches a shipped
      classpath, the CVE is hidden there as well. Consider pinning the version in the regex
      (TODO confirm the exact package URL in the scan report).
    -->
    <suppress until="2024-05-01Z">
        <notes><![CDATA[
        This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
        checks and tracking externally.

        File name: guava-28.2-android.jar
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
        <cve>CVE-2020-8908</cve>
    </suppress>
    <!--
      Time-boxed suppression of CVE-2023-2976 for Guava. This rule carries the earliest "until"
      date in the file, so it is the first one to expire and bring the finding back.
      The notes link an upstream release containing the fix, so this is a stopgap until whatever
      pulls in guava-28.2-android.jar is upgraded, not a statement that the CVE is inapplicable.
      NOTE(review): the regex "@.*" matches all Guava versions and the rule is not limited to the
      test classpath named in the notes. Verify with the dependency tree that no release
      configuration resolves a Guava version older than the fixed one.
    -->
    <suppress until="2024-03-01Z">
        <notes><![CDATA[
        This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
        checks and tracking externally.

        Fix released in: https://github.com/google/guava/releases/tag/v32.0.0

        File name: guava-28.2-android.jar
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
        <cve>CVE-2023-2976</cve>
    </suppress>
    <!--
      Time-boxed suppression of two jsoup CVEs (CVE-2022-36033 and CVE-2021-37714) in one rule.
      Both are suppressed together and both come back when the "until" date passes.
      NOTE(review): the notes speak of "this CVE" in the singular and give one rationale. Confirm
      that the test-only justification was assessed for each of the two CVEs.
      NOTE(review): the regex matches any jsoup version, not only jsoup-1.12.2.jar from the notes,
      and the rule is not scoped to debugAndroidTestRuntimeClasspath. A jsoup dependency added
      to a shipped configuration would be suppressed too.
    -->
    <suppress until="2024-05-01Z">
        <notes><![CDATA[
        This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
        checks and tracking externally.

        File name: jsoup-1.12.2.jar
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl>
        <cve>CVE-2022-36033</cve>
        <cve>CVE-2021-37714</cve>
    </suppress>
    <!--
      Time-boxed suppression of CVE-2022-24329 for the Kotlin standard library. The stated
      reason is non-applicability: per the notes the CVE concerns Multiplatform Gradle projects.
      The regex "kotlin\-stdlib.*@.*" covers kotlin-stdlib itself plus every artifact whose name
      starts with kotlin-stdlib, at any version.
      NOTE(review): the justification depends on the project layout, not on the dependency
      version. Re-check it if a multiplatform module is ever added, rather than only extending
      the "until" date.
    -->
    <suppress until="2024-05-01Z">
        <notes><![CDATA[
        This CVE only affect Multiplatform Gradle Projects, which this project is not.
        https://nvd.nist.gov/vuln/detail/CVE-2022-24329
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib.*@.*$</packageUrl>
        <cve>CVE-2022-24329</cve>
    </suppress>
    <!--
      Time-boxed suppression of CVE-2023-3635 for okio. Per the notes, the affected okio arrives
      through the leakcanary dependency and is only used in the leakCanary build type.
      NOTE(review): the rule matches okio at any version and carries no build-type or
      configuration restriction, so it also silences this CVE for okio resolved anywhere else.
      Verify with the dependency tree that no release configuration pulls in okio before
      relying on this rule, and drop it once the leakcanary bump mentioned in the notes lands.
    -->
    <suppress until="2024-06-01Z">
        <notes><![CDATA[
        This CVE only affect the leakCanary build type which is limited to memory leak testing etc.
        This will most likely be solved by bumping to a future version of the leakcanary dependency
        where a fixed version of okio is used.
        https://nvd.nist.gov/vuln/detail/CVE-2023-3635
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@.*$</packageUrl>
        <cve>CVE-2023-3635</cve>
    </suppress>
</suppressions>