CORE-5821: Updated snyk file with the latest reported issues #1174

Merged
merged 1 commit into from
Jul 11, 2023
28 changes: 5 additions & 23 deletions .snyk
Expand Up @@ -2,23 +2,14 @@
version: v1.25.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
SNYK-JAVA-ORGJETBRAINSKOTLIN-2628385:
- '*':
reason: >-
Gradle plugins use the version of Kotlin provided by Gradle itself, so
it is not susceptible to this vulnerability. In addition, this is a
build-time vulnerability, released artifacts are not affected due to
this.
expires: 2022-10-22T10:40:55.991Z
created: 2022-09-22T10:40:55.995Z
SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744:
SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744:
- '*':
reason: >-
This vulnerability relates to information exposure via creation of
temporary files via Kotlin functions with insecure permissions. Corda
does not use any of the vulnerable functions so it not susceptible to
this vulnerability.
expires: 2023-06-19T10:40:55.991Z
expires: 2023-10-19T10:40:55.991Z
created: 2022-09-22T10:40:55.995Z
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424:
- '*':
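Review bot: The renewed ignore for SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744 keeps its reason text unchanged while `expires` moves from 2023-06-19 to 2023-10-19, and that reason rests entirely on the claim that Corda calls none of the vulnerable temporary-file functions. Nothing in the entry records how or when that claim was last checked, so a renewal should restate the evidence in `reason` (for example the date of the review and what was searched). The same text reads "so it not susceptible", which is worth correcting while the entry is being touched.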
Expand All @@ -27,16 +18,7 @@ ignore:
where this dependency originates, this is used at compile / build time
only for Kdoc generation and not shipped in any of our releasable
artifacts.
expires: 2023-06-19T10:40:55.991Z
created: 2022-12-20T10:40:55.995Z
SNYK-JAVA-ORGJSOUP-2989728:
- '*':
reason: >-
Corda5 Shippable artifacts do not make use of dokka-core, which is
where this dependency originates, this is used at compile / build time
only for Kdoc generation and not shipped in any of our releasable
artifacts.
expires: 2023-06-19T10:40:55.991Z
expires: 2023-10-19T10:40:55.991Z
created: 2022-12-20T10:40:55.995Z
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426:
- '*':
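Review bot: The entry extended in this hunk is keyed on `'*'`, but its reason only justifies the path through dokka-core, used at compile / build time for Kdoc generation. With the wildcard, the same issue is also suppressed on any other dependency path, including one that ends up in a shipped artifact, until 2023-10-19. Consider replacing `'*'` with the dependency path that goes through dokka-core so the scope of the ignore matches its justification.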
Expand All @@ -45,7 +27,7 @@ ignore:
where this dependency originates, this is used at compile / build time
only for Kdoc generation and not shipped in any of our releasable
artifacts.
expires: 2023-06-19T10:40:55.991Z
expires: 2023-10-19T10:40:55.991Z
created: 2022-12-20T10:40:55.995Z
SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135:
- '*':
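Review bot: `expires` moves to 2023-10-19 here while `created` stays at 2022-12-20, so after this change the file carries no record that the ignore was looked at again between those dates. Please note the review in `reason`, or reference the ticket that tracks removing the dokka-core dependency path, so the next renewal can tell a checked extension from a date bump.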
Expand All @@ -54,6 +36,6 @@ ignore:
where this dependency originates, this is used at compile / build time
only for Kdoc generation and not shipped in any of our releasable
artifacts.
expires: 2023-06-19T13:28:02.582Z
expires: 2023-10-19T13:28:02.582Z
created: 2023-03-20T13:28:02.597Z
patch: {}
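Review bot: The previous expiry on this entry, 2023-06-19T13:28:02.582Z, had already passed when this change was merged on Jul 11, 2023, so the ignore was renewed after it lapsed rather than before. All four remaining dokka-core and Kotlin entries now expire on 2023-10-19; a reminder ahead of that date, with a decision on whether each ignore is still needed, would avoid another lapse followed by a bulk extension.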