2023-02-02 15:10:48 +01:00
|
|
|
---
|
|
|
|
|
|
|
|
security:
|
|
|
|
ignore-vulnerabilities:
|
|
|
|
52495:
|
|
|
|
reason: setuptools comes from Debian
|
|
|
|
expires: '2025-01-31'
|
2023-09-20 10:10:15 +02:00
|
|
|
60350:
|
|
|
|
reason: GitPython comes from Debian https://security-tracker.debian.org/tracker/CVE-2023-40267
|
|
|
|
expires: '2025-01-31'
|
2023-10-10 09:33:51 +02:00
|
|
|
60789:
|
|
|
|
reason: GitPython comes from Debian https://security-tracker.debian.org/tracker/CVE-2023-40590
|
|
|
|
expires: '2025-01-31'
|
|
|
|
60841:
|
|
|
|
reason: GitPython comes from Debian https://security-tracker.debian.org/tracker/CVE-2023-41040
|
|
|
|
expires: '2025-01-31'
|
2023-11-30 17:49:55 +01:00
|
|
|
62044:
|
|
|
|
reason: "F-Droid doesn't fetch pip dependencies directly from hg/mercurial repositories: https://data.safetycli.com/v/62044/f17/"
|
|
|
|
expires: '2025-01-31'
|
2024-02-14 17:46:09 +01:00
|
|
|
63687:
|
|
|
|
reason: Only affects Windows https://security-tracker.debian.org/tracker/CVE-2024-22190
|
|
|
|
expires: '2026-01-31'
|
2024-05-13 10:33:33 +02:00
|
|
|
67599:
|
|
|
|
reason: Only affects pip when using --extra-index-url, which is never the case in fdroidserver CI.
|
|
|
|
expires: '2026-05-31'
|
2024-06-07 12:04:07 +02:00
|
|
|
70612:
|
|
|
|
reason: jinja2 is not used by fdroidserver, nor any dependencies I could find via debtree and pipdeptree.
|
|
|
|
expires: '2026-05-31'
|