NOTICK: Remaining snyk waivers updated for Corda OS 4.10

Ritu 2023-01-04 11:56:03 +00:00
parent 14ab3f38c2
commit a98f17922c

.snyk

@ -196,4 +196,33 @@ ignore:
they are not susceptible.
expires: 2023-03-28T11:40:29.871Z
created: 2022-12-29T11:40:29.896Z
SNYK-JAVA-ORGYAML-3152153:
- '*':
reason: >-
There is a transitive dependency on snakeyaml from the third party
components jackson-dataformat-yaml and liquidbase-core. The
jackson-dataformat-yaml component does not use the snakeyaml
databinding layer. For liquidbase we use xml in the changelog files
not yaml. So given this Corda is not susceptible to this
vulnerability.Cordapp authors should exercise their own judgment if
using this library directly in their cordapp.
expires: 2023-02-03T11:35:04.385Z
created: 2023-01-04T11:35:04.414Z
SNYK-JAVA-IONETTY-3167773:
- '*':
reason: >-
Corda does not use Netty HTTP (and does not use HTTP in the P2P
protocol) . This is a transitive dependency of Netty comms library,
but it is not used in Corda, which uses a custom binary protocol
secured by mutually authenticated TLS. The vulnerability relating to
HTTP Response splitting is not exposed.
expires: 2023-02-03T11:40:51.456Z
created: 2023-01-04T11:40:51.467Z
SNYK-JAVA-COMH2DATABASE-3146851:
- '*':
reason: >-
Corda does not make use of the H2 web admin console, so it not
susceptible to this reported vulnerability
expires: 2023-02-03T11:45:11.295Z
created: 2023-01-04T11:45:11.322Z
patch: {}
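Review bot: The `'*'` path key on SNYK-JAVA-ORGYAML-3152153 waives the finding on every dependency path, while the reason only argues for the two transitive paths through jackson-dataformat-yaml and liquibase-core. Consider listing those two paths explicitly in place of `'*'`, so that a new direct or differently routed snakeyaml dependency is reported again and not silently covered until the waiver expires. The same applies to the Netty and H2 entries, whose reasons rest on a component not being used today (Netty HTTP, the H2 web admin console); a short pointer to how that is enforced or checked would make the waiver easier to re-approve when it expires on 2023-02-03. The reason strings also need a proofread, since they are what an auditor will read: "liquidbase-core" and "liquidbase" should be "liquibase", "vulnerability.Cordapp" is missing a space, "protocol) ." has a stray space, and "so it not susceptible" is missing "is".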