NOTICK: Snyk waivers added for Corda5-Beta1 release (#18)

2023-02-08 07:29:50 +00:00 · 2023-02-08 07:29:50 +00:00 · df70f31002
commit df70f31002
parent 2a0cf58c9b
1 changed files with 22 additions and 0 deletions
--- a/.snyk
+++ b/.snyk
@ -0,0 +1,22 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744:
+    - '*':
+        reason: >-
+          This vulnerability relates to information exposure via creation of
+          temporary files (via Kotlin functions) with insecure permissions.
+          Corda does not use any of the vulnerable functions so it is not
+          susceptible to this vulnerability
+        expires: 2023-06-19T17:15:26.836Z
+        created: 2023-02-02T17:15:26.839Z
+  SNYK-JAVA-ORGJETBRAINSKOTLIN-2628385:
+    - '*':
+        reason: >-
+          corda-simulator-runtime is a testRuntimeOnly dependency, as such this
+          dependency  will not be included in any cordaApp produced by the CSDE
+          project Template
+        expires: 2023-06-19T17:16:00.009Z
+        created: 2023-02-02T17:16:00.016Z
+patch: {}