generated from giantswarm/template-operator
-
Notifications
You must be signed in to change notification settings - Fork 2
/
.nancy-ignore
35 lines (30 loc) · 1.29 KB
/
.nancy-ignore
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# Ignore CVE fixed in prometheus 2.7.1 as the tag version is using a newer prometheus version
CVE-2019-3826
# pkg:golang/github.com/gin-gonic/gin@v1.4.0
# imported from: github.com/giantswarm/operatorkit/v7@v7.0.1
sonatype-2020-0921 until=2022-11-01
CVE-2020-28483 until=2022-11-01
# pkg:golang/github.com/hashicorp/consul/api@v1.12.0
# imported from: github.com/spf13/viper@v1.11.0 (current latest)
CVE-2022-29153 until=2022-11-01
CVE-2022-24687 until=2022-11-01
# pkg:golang/github.com/hashicorp/consul/sdk@v0.8.0
# imported from:
# - github.com/giantswarm/exporterkit@v1.0.0
# - github.com/giantswarm/operatorkit/v7@v7.0.1
# - github.com/giantswarm/microendpoint@v1.0.0
# - github.com/giantswarm/microkit@v1.0.0
# - sigs.k8s.io/cluster-api@v1.0.5
CVE-2022-29153 until=2022-11-01
CVE-2022-24687 until=2022-11-01
# pkg:golang/github.com/urfave/negroni@v1.0.0
# imported from: github.com/giantswarm/operatorkit/v7@v7.0.1
sonatype-2021-1485 until=2022-11-01
# pkg:golang/go.mongodb.org/mongo-driver@v1.1.2
# imported from:
# - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring@v0.52.1
# - github.com/giantswarm/operatorkit/v7@v7.0.1
# - k8s.io/apiextensions-apiserver@v0.22.3
# - sigs.k8s.io/cluster-api@v1.0.5
# - sigs.k8s.io/controller-runtime@v0.10.3
CVE-2021-20329 until=2022-11-01