From ef247bc97a78354be3aa3eb89f1c95c430d3486d Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Mon, 19 Aug 2024 11:59:43 +0200
Subject: [PATCH] safety: make CVE-2024-5569 just a warning

We get these packages from Debian, zipp is not used in production, and its
only a DoS.
---
 .safety-policy.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.safety-policy.yml b/.safety-policy.yml
index 73283975..6324a25f 100644
--- a/.safety-policy.yml
+++ b/.safety-policy.yml
@@ -26,3 +26,6 @@ security:
     70612:
       reason: jinja2 is not used by fdroidserver, nor any dependencies I could find via debtree and pipdeptree.
       expires: '2026-05-31'
+    72132:
+      reason: We get these packages from Debian, zipp is not used in production, and its only a DoS.
+      expires: '2026-08-31'