mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-16 20:00:11 +01:00

11 Commits

Author SHA1 Message Date
Hans-Christoph Steiner
3c03fef28f safety: clarify reason to ignore CVE 2024-09-09 15:52:28 +00:00
Hans-Christoph Steiner
d9e9618c56 gitlab-ci: port to Safety 3.x and move to own job
https://docs.safetycli.com/safety-docs/installation/gitlab
https://docs.safetycli.com/safety-docs/administration/safety-policy-files
2024-09-04 13:38:44 +00:00
Hans-Christoph Steiner
b1084c0b8a WIP safety: make CVE-2024-6345 just a warning 2024-09-04 13:38:44 +00:00
Hans-Christoph Steiner
ef247bc97a safety: make CVE-2024-5569 just a warning
We get these packages from Debian, zipp is not used in production, and it's
only a DoS.
2024-09-04 13:38:44 +00:00
Hans-Christoph Steiner
6e489b78b3
safety: ignore false positive
jinja2 is not used by fdroidserver, nor any dependencies I could find via
debtree and pipdeptree.
2024-06-07 12:04:12 +02:00
Hans-Christoph Steiner
6bebd8b160
safety: ignore CVE-2018-20225, should never affect fdroidserver
https://data.safetycli.com/v/67599/97c
2024-05-13 10:33:37 +02:00
Hans-Christoph Steiner
b36153b06c
safety: ignore CVE-2024-22190 it only affects Windows
https://security-tracker.debian.org/tracker/CVE-2024-22190
2024-02-14 17:46:12 +01:00
Michael Pöhn
ac2a3896aa
🩹 fix bandit warning
F-Droid server doesn't fetch pip dependencies directly from mercurial/hg
repositories. So https://data.safetycli.com/v/62044/f17/ is not
affecting us. Hence we can ignore it.
2023-11-30 17:49:55 +01:00
Hans-Christoph Steiner
667567abb8
safety: ignore CVEs patched in Debian 2023-10-10 09:33:51 +02:00
Hans-Christoph Steiner
17cb026d97 safety: ignore 60350, it is being handled in Debian
* https://security-tracker.debian.org/tracker/CVE-2023-40267
2023-09-20 10:10:15 +02:00
Hans-Christoph Steiner
98769d8405 gitlab-ci: ignore setuptools DoS error from safety 2023-02-02 15:49:20 +01:00