From 052539860361bf317117d70b9c7fd4e4a80e4785 Mon Sep 17 00:00:00 2001 From: Michael Chouinard <46358556+chouinar@users.noreply.github.com> Date: Thu, 19 Dec 2024 10:42:23 -0500 Subject: [PATCH] [Unticketed] Ignore vulnerability for issue with pending fix (#3310) ## Summary ### Time to review: __2 mins__ ## Changes proposed Ignore [GHSA-v778-237x-gjrc](https://github.com/advisories/GHSA-v778-237x-gjrc) Cleaned up old ignores that _should_ be fixed by now ## Context for reviewers This vulnerability is in a dependency pulled in by the Github CLI. A [fix was made](https://github.com/cli/cli/commit/1af421012e5e7a648577e091e5a094a80b75d720) but no new release has occurred, likely due to the holidays. https://github.com/cli/cli/releases As this vulnerability already would exist in our image, ignoring it for now seems uneventful, and the issue shouldn't persist beyond the holidays. --- .grype.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.grype.yml b/.grype.yml index 5f44af0d0..1cf95162a 100644 --- a/.grype.yml +++ b/.grype.yml @@ -23,3 +23,8 @@ ignore: - vulnerability: CVE-2024-34158 - vulnerability: CVE-2024-34156 - vulnerability: CVE-2024-34155 + # Issue due to crypto package pulled in by GitHub CLI + # Will be fixed in next GitHub CLI release + # Last Checked: Dec 19th, 2024 + - vulnerability: GHSA-v778-237x-gjrc + - vulnerability: GHSA-w32m-9786-jp63
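Review bot: the hunk adds two advisories but the description only accounts for one, and the diffstat (`1 file changed, 5 insertions(+)`, no deletions) shows that the "cleaned up old ignores" mentioned in the summary did not make it into this patch; the three existing `CVE-2024-3415x` entries in the context lines are untouched. Please either drop that line from the description or include the removals, and add a comment line for `- vulnerability: GHSA-w32m-9786-jp63` explaining which package and fix it is waiting on, since the comment block above it only names the crypto package pulled in by the GitHub CLI. Two smaller points on the new entries: the `# Will be fixed in next GitHub CLI release` comment would be more useful with the upstream fix commit URL from the description pasted in, so whoever revisits the ignore can check whether a release containing it has shipped; and a blanket `- vulnerability:` rule suppresses the ID in every package in the image, so consider narrowing it with a `package:` `name:` (and optionally `fix-state: not-fixed`) selector so the ignore stops applying once the GitHub CLI ships the fix rather than silently persisting past the "Last Checked" date.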