Skip to content

Commit

Permalink
[Unticketed] Ignore vulnerability for issue with pending fix (#3310)
Browse files Browse the repository at this point in the history 
## Summary

### Time to review: __2 mins__

## Changes proposed
Ignore
[GHSA-v778-237x-gjrc](GHSA-v778-237x-gjrc)

Cleaned up old ignores that _should_ be fixed by now

## Context for reviewers
This vulnerability is in a dependency pulled in by the Github CLI. A
[fix was
made](cli/cli@1af4210)
but no new release has occurred, likely due to the holidays.
https://github.com/cli/cli/releases

As this vulnerability already would exist in our image, ignoring it for
now seems uneventful, and the issue shouldn't persist beyond the
holidays.
  • Loading branch information
@chouinar
chouinar authored Dec 19, 2024
1 parent f9ec087 commit 0525398
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .grype.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,3 +23,8 @@ ignore:
- vulnerability: CVE-2024-34158
- vulnerability: CVE-2024-34156
- vulnerability: CVE-2024-34155
# Issue due to crypto package pulled in by GitHub CLI
# Will be fixed in next GitHub CLI release
# Last Checked: Dec 19th, 2024
- vulnerability: GHSA-v778-237x-gjrc
- vulnerability: GHSA-w32m-9786-jp63

0 comments on commit 0525398

Please sign in to comment.