Add CVE supression

android/app/src/main/kotlin/net/mullvad/mullvadvpn/viewmodel/ReportProblemViewModel.kt

@@ -7,11 +7,9 @@ import kotlinx.coroutines.delay
 import kotlinx.coroutines.flow.MutableSharedFlow
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.SharingStarted
+import kotlinx.coroutines.flow.asSharedFlow
 import kotlinx.coroutines.flow.combine
 import kotlinx.coroutines.flow.stateIn
-import kotlinx.coroutines.flow.asSharedFlow
-import kotlinx.coroutines.flow.asStateFlow
-import kotlinx.coroutines.flow.update
 import kotlinx.coroutines.launch
 import net.mullvad.mullvadvpn.constant.MINIMUM_LOADING_TIME_MILLIS
 import net.mullvad.mullvadvpn.dataproxy.MullvadProblemReport
@@ -37,6 +35,7 @@ sealed interface ReportProblemSideEffect {
     data class ShowConfirmNoEmail(val email: String, val description: String) :
         ReportProblemSideEffect
 }
+
 class ReportProblemViewModel(
     private val mullvadProblemReporter: MullvadProblemReport,
     private val problemReportRepository: ProblemReportRepository

android/config/dependency-check-suppression.xml

@@ -51,4 +51,13 @@
         <packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@.*$</packageUrl>
         <cve>CVE-2023-3635</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+          This CVE only affect programs using loadXML and is derived from using ksp.
+          We do not use the loadXML, ksp is used to generate navigation paths in our code
+          and not for processesing any user input.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.devtools\.ksp/symbol\-processing.*@.*$</packageUrl>
+        <cve>CVE-2018-1000840</cve>
+    </suppress>
 </suppressions>