safety: make CVE-2024-5569 just a warning

We get these packages from Debian, zipp is not used in production, and its only a DoS.
2026-05-15 19:34:34 -04:00 · 2024-08-19 11:59:43 +02:00
parent 3a1bbb54aa
commit ef247bc97a
1 changed files with 3 additions and 0 deletions
--- a/.safety-policy.yml
+++ b/.safety-policy.yml
@@ -26,3 +26,6 @@ security:
    70612:
      reason: jinja2 is not used by fdroidserver, nor any dependencies I could find via debtree and pipdeptree.
      expires: '2026-05-31'
+    72132:
+      reason: We get these packages from Debian, zipp is not used in production, and its only a DoS.
+      expires: '2026-08-31'