Merge pull request #1174 from corda/nargas-ritu-patch-1

CORE-5821: Updated snyk file with the latest reported issues
corda · Jul 11, 2023 · 148bf0a · 148bf0a
2 parents 3c97529 + 4071eac
commit 148bf0a
Showing 1 changed file with 5 additions and 23 deletions.
diff --git a/.snyk b/.snyk
@@ -2,23 +2,14 @@
 version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
- SNYK-JAVA-ORGJETBRAINSKOTLIN-2628385:
- - '*':
- reason: >-
- Gradle plugins use the version of Kotlin provided by Gradle itself, so
- it is not susceptible to this vulnerability. In addition, this is a 
- build-time vulnerability, released artifacts are not affected due to
- this.
- expires: 2022-10-22T10:40:55.991Z
- created: 2022-09-22T10:40:55.995Z
- SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744:
+ SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744:
  - '*':
  reason: >-
  This vulnerability relates to information exposure via creation of
  temporary files via Kotlin functions with insecure permissions. Corda
  does not use any of the vulnerable functions so it not susceptible to
  this vulnerability.
- expires: 2023-06-19T10:40:55.991Z
+ expires: 2023-10-19T10:40:55.991Z
  created: 2022-09-22T10:40:55.995Z
  SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
  - '*':
@@ -27,16 +18,7 @@ ignore:
  where this dependency originates, this is used at compile / build time
  only for Kdoc generation and not shipped in any of our releasable
  artifacts.
- expires: 2023-06-19T10:40:55.991Z
- created: 2022-12-20T10:40:55.995Z
- SNYK-JAVA-ORGJSOUP-2989728:
- - '*':
- reason: >-
- Corda5 Shippable artifacts do not make use of dokka-core, which is
- where this dependency originates, this is used at compile / build time
- only for Kdoc generation and not shipped in any of our releasable
- artifacts.
- expires: 2023-06-19T10:40:55.991Z
+ expires: 2023-10-19T10:40:55.991Z
  created: 2022-12-20T10:40:55.995Z
  SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426:
  - '*':
@@ -45,7 +27,7 @@ ignore:
  where this dependency originates, this is used at compile / build time
  only for Kdoc generation and not shipped in any of our releasable
  artifacts.
- expires: 2023-06-19T10:40:55.991Z
+ expires: 2023-10-19T10:40:55.991Z
  created: 2022-12-20T10:40:55.995Z
  SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135:
  - '*':
@@ -54,6 +36,6 @@ ignore:
  where this dependency originates, this is used at compile / build time
  only for Kdoc generation and not shipped in any of our releasable
  artifacts.
- expires: 2023-06-19T13:28:02.582Z
+ expires: 2023-10-19T13:28:02.582Z
  created: 2023-03-20T13:28:02.597Z
 patch: {}