fdroidserver

mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-04 14:30:30 +03:00

Author	SHA1	Message	Date
Hans-Christoph Steiner	3c03fef28f	safety: clarify reason to ignore CVE	2024-09-09 15:52:28 +00:00
Hans-Christoph Steiner	d9e9618c56	gitlab-ci: port to Safety 3.x and move to own job https://docs.safetycli.com/safety-docs/installation/gitlab https://docs.safetycli.com/safety-docs/administration/safety-policy-files	2024-09-04 13:38:44 +00:00
Hans-Christoph Steiner	b1084c0b8a	WIP safety: make CVE-2024-6345 just a warning	2024-09-04 13:38:44 +00:00
Hans-Christoph Steiner	ef247bc97a	safety: make CVE-2024-5569 just a warning We get these packages from Debian, zipp is not used in production, and its only a DoS.	2024-09-04 13:38:44 +00:00
Hans-Christoph Steiner	6e489b78b3	safety: ignore false positive jinja2 is not used by fdroidserver, nor any dependencies I could find via debtree and pipdeptree.	2024-06-07 12:04:12 +02:00
Hans-Christoph Steiner	6bebd8b160	safety: ignore CVE-2018-20225, should never affect fdroidserver https://data.safetycli.com/v/67599/97c	2024-05-13 10:33:37 +02:00
Hans-Christoph Steiner	b36153b06c	safety: ignore CVE-2024-22190 it only affects Windows https://security-tracker.debian.org/tracker/CVE-2024-22190	2024-02-14 17:46:12 +01:00
Michael Pöhn	ac2a3896aa	🩹 fix bandit warning F-Droid server doesn't fetch pip dependencies directly from mercurial/hg repositories. So https://data.safetycli.com/v/62044/f17/ is not affecting us. Hence we can ingore it.	2023-11-30 17:49:55 +01:00
Hans-Christoph Steiner	667567abb8	safety: ignore CVEs patched in Debian	2023-10-10 09:33:51 +02:00
Hans-Christoph Steiner	17cb026d97	safety: ignore 60350, it is being handled in Debian * https://security-tracker.debian.org/tracker/CVE-2023-40267	2023-09-20 10:10:15 +02:00
Hans-Christoph Steiner	98769d8405	gitlab-ci: ignore setuptools DoS error from safety	2023-02-02 15:49:20 +01:00

11 commits