chore(ci): ignore snyk finding to allow time to validate fix path

snyk · Jan 8, 2025 · e02a33d · e02a33d
1 parent be96577
commit e02a33d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/.snyk b/.snyk
@@ -1,10 +1,12 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.25.0
+version: v1.25.1
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
   'snyk:lic:npm:shescape:MPL-2.0':
     - '*':
-        reason: --about lists all dependency licenses which is a requirement of MPL-2.0
+        reason: >-
+          --about lists all dependency licenses which is a requirement of
+          MPL-2.0
         expires: 2122-12-14T16:35:38.252Z
         created: 2022-11-14T16:35:38.260Z
   SNYK-JS-CROSSSPAWN-8303230:
@@ -17,11 +19,9 @@ ignore:
         reason: Not directely exploitable
         expires: 2025-01-01T00:12:20.523Z
         created: 2024-11-08T10:22:20.531Z
-
 patch: {}
 exclude:
   code:
     - test/**
-    # Remove the following line, once we can apply consistent ignores via the Web UIs
     - scripts/upgrade-snyk-go-dependencies.go
     - release-scripts/write-ls-protocol-version.go
diff --git a/cliv2/.snyk b/cliv2/.snyk
@@ -124,4 +124,9 @@ ignore:
         reason: Affected functionality is not used.
         expires: 2023-09-14T08:43:11.340Z
         created: 2022-09-14T08:43:11.370Z
+  SNYK-GOLANG-GITHUBCOMGOGITGOGITV5PLUMBING-8602520:
+    - '*':
+        reason: No immeditiately exploitable path. More time required to validate safety of upgrade
+        expires: 2025-02-07T12:38:43.627Z
+        created: 2025-01-08T12:38:43.632Z
 patch: {}