1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-04 22:40:12 +01:00
fdroidserver/.safety-policy.yml
Michael Pöhn ac2a3896aa
🩹 fix bandit warning
F-Droid server doesn't fetch pip dependencies directly from mercurial/hg
repositories. So https://data.safetycli.com/v/62044/f17/ is not
affecting us. Hence we can ingore it.
2023-11-30 17:49:55 +01:00

20 lines
718 B
YAML

---
security:
ignore-vulnerabilities:
52495:
reason: setuptools comes from Debian
expires: '2025-01-31'
60350:
reason: GitPython comes from Debian https://security-tracker.debian.org/tracker/CVE-2023-40267
expires: '2025-01-31'
60789:
reason: GitPython comes from Debian https://security-tracker.debian.org/tracker/CVE-2023-40590
expires: '2025-01-31'
60841:
reason: GitPython comes from Debian https://security-tracker.debian.org/tracker/CVE-2023-41040
expires: '2025-01-31'
62044:
reason: "F-Droid doesn't fetch pip dependencies directly from hg/mercurial repositories: https://data.safetycli.com/v/62044/f17/"
expires: '2025-01-31'