Ignore license compliance warnings

Resolves #11225
Bruno Oliveira da Silva 2022-04-11 16:17:05 -03:00
parent 20d037a4ad
commit bde2744650

.github/snyk/.snyk vendored

@ -1,7 +1,7 @@
version: v1.22.2 version: v1.22.2
ignore: ignore:
SNYK-JAVA-ORGKEYCLOAK-1062507: SNYK-JAVA-ORGKEYCLOAK-1062507:
- '*': - "*":
reason: > reason: >
The Keycloak core module is not affected by Open Redirect The Keycloak core module is not affected by Open Redirect
Vulnerability (CVE-2020-1723), that relates to Gatekeeper, an old Vulnerability (CVE-2020-1723), that relates to Gatekeeper, an old
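Review bot: the only change on the SNYK-JAVA-ORGKEYCLOAK-1062507 entry is the quoting of the path key, from '*' to "*". YAML reads both as the same string, and the commit message, which is about license warnings, does not mention it. If a formatter or the Snyk tooling rewrote the file, note that in the commit message. Otherwise split the quoting change into its own commit, so that the diff of existing vulnerability ignores stays empty when only license ignores are being added.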
@ -10,13 +10,13 @@ ignore:
- https://www.keycloak.org/2020/08/sunsetting-louketo-project.adoc - https://www.keycloak.org/2020/08/sunsetting-louketo-project.adoc
- https://hub.docker.com/r/keycloak/keycloak-gatekeeper - https://hub.docker.com/r/keycloak/keycloak-gatekeeper
SNYK-JAVA-ORGKEYCLOAK-1088339: SNYK-JAVA-ORGKEYCLOAK-1088339:
- '*': - "*":
reason: > reason: >
The Keycloak services module is not affected by CVE-2021-3461 anymore, The Keycloak services module is not affected by CVE-2021-3461 anymore,
the issue was fixed on Keycloak 14.0.0 last year. More details: the issue was fixed on Keycloak 14.0.0 last year. More details:
- https://issues.redhat.com/browse/KEYCLOAK-17495 - https://issues.redhat.com/browse/KEYCLOAK-17495
SNYK-JAVA-IONETTY-1042268: SNYK-JAVA-IONETTY-1042268:
- '*': - "*":
reason: > reason: >
There is no fixed version for io.netty:netty-handler. More details: There is no fixed version for io.netty:netty-handler. More details:
- https://github.com/netty/netty/issues/10806 - https://github.com/netty/netty/issues/10806
@ -26,5 +26,44 @@ ignore:
Netty Handler is a transitive dependency coming from Quarkus, Netty Handler is a transitive dependency coming from Quarkus,
according to the Netty team, the fix should be available on Netty 5. according to the Netty team, the fix should be available on Netty 5.
The expiry date was set as a reminder for us to upgrade, once they The expiry date was set as a reminder for us to upgrade, once they
provide the fix. provide the fix.
expires: 2022-05-31T00:00:00.000Z expires: 2022-05-31T00:00:00.000Z
# License warnings
snyk:lic:maven:org.eclipse.sisu:org.eclipse.sisu.plexus:EPL-1.0:
- "*":
reason: >
Suppress Snyk license compliance warnings for EPL. Transitive dependency from arquillian-phantom-driver.
snyk:lic:maven:org.eclipse.sisu:org.eclipse.sisu.inject:EPL-1.0:
- "*":
reason: >
Suppress Snyk license compliance warnings for EPL. Transitive dependency from arquillian-phantom-driver.
snyk:lic:maven:com.openshift:openshift-restclient-java:EPL-1.0:
- "*":
reason: >
Suppress Snyk license compliance warnings for EPL. Required by keycloak-services.
snyk:lic:maven:org.mariadb.jdbc:mariadb-java-client:LGPL-2.1:
- "*":
reason: >
Suppress Snyk license compliance warnings for EPL. Transitive dependency from quarkus-jdbc-mariadb.
snyk:lic:maven:org.jboss.narayana.jts:narayana-jts-integration:LGPL-2.1:
- "*":
reason: >
Suppress Snyk license compliance warnings for EPL. Transitive dependency from quarkus-hibernate-orm.
snyk:lic:maven:org.jboss.narayana.jta:narayana-jta:LGPL-2.1:
- "*":
reason: >
Suppress Snyk license compliance warnings for EPL. Transitive dependency from quarkus-hibernate-orm.
snyk:lic:maven:org.hibernate:hibernate-graalvm:LGPL-2.1:
- "*":
reason: >
Suppress Snyk license compliance warnings for EPL. Transitive dependency from quarkus-hibernate-orm.
snyk:lic:maven:org.hibernate:hibernate-core:LGPL-2.1:
- "*":
reason: >
Suppress Snyk license compliance warnings for EPL. Required by keycloak-model-jpa.
snyk:lic:maven:org.hibernate.common:hibernate-commons-annotations:LGPL-2.1:
- "*":
reason: >
Suppress Snyk license compliance warnings for EPL. Required by keycloak-model-jpa.
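Review bot: the six entries whose key ends in LGPL-2.1 (mariadb-java-client, narayana-jts-integration, narayana-jta, hibernate-graalvm, hibernate-core, hibernate-commons-annotations) all carry the reason "Suppress Snyk license compliance warnings for EPL.", which looks copied from the three EPL-1.0 entries above them. The reason should name LGPL-2.1, because this file is the audit record of why each finding was waived. Two further points on the same block: none of the new entries has an `expires` field, unlike the netty entry just above with `expires: 2022-05-31T00:00:00.000Z`, so these suppressions never come up for re-review; and each uses the "*" path, so the license finding is ignored wherever the package appears in the dependency tree, not only through the parent named in the reason (arquillian-phantom-driver, quarkus-jdbc-mariadb, quarkus-hibernate-orm). Consider adding an expiry or stating that the waiver is intentionally permanent, and say in the reason what makes each license acceptable instead of only that the warning is suppressed.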