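# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0

# ignores vulnerabilities until expiry date; change duration by modifying expiry date.
# Each rule is keyed by the Snyk issue id. The '*' path applies the ignore to
# every dependency path that reaches the affected package. Once `expires` has
# passed, Snyk reports the issue again, so keep `reason` specific enough to
# re-evaluate the rule at that point.
ignore:
  # in case snyk wants werkzeug v3, in the future:
  # we cannot upgrade werkzeug because it breaks connexion
  # and we can't upgrade connexion because it downgrades werkzeug.
  # this means we cannot satisfy the snyk requirement to upgrade werkzeug to v3.
  # we have a ticket to work around it:
  # https://github.com/sartography/spiff-arena/issues/592
  #
  # commented-out rule (not active):
  # SNYK-PYTHON-CRYPTOGRAPHY-6050294:
  #   - '*':
  #       reason: No current resolution
  #       expires: 2024-12-15T19:52:08.948Z
  #       created: 2023-11-15T19:52:08.954Z

  # NOTE(review): this rule and SNYK-PYTHON-CRYPTOGRAPHY-6592767 below expire
  # one month after creation (2024-05-16). "No current resolution" does not
  # record what was checked; link the upstream issue or ticket when a rule is
  # renewed so the next reviewer can tell whether a fix has shipped.
  SNYK-PYTHON-GUNICORN-6615672:
    - '*':
        reason: No current resolution
        expires: 2024-05-16T14:21:10.348Z
        created: 2024-04-16T14:21:10.357Z
  SNYK-PYTHON-CRYPTOGRAPHY-6592767:
    - '*':
        reason: No current resolution
        expires: 2024-05-16T14:21:30.321Z
        created: 2024-04-16T14:21:30.331Z
  SNYK-PYTHON-FLASKCORS-6670412:
    - '*':
        reason: no fix available
        expires: 2024-11-01T00:00:00.000Z
        created: 2024-05-02T17:22:47.098Z
  # blocked on the connexion/werkzeug conflict described at the top of this section
  SNYK-PYTHON-WERKZEUG-6808933:
    - '*':
        reason: unable to upgrade. see above comment.
        expires: 2024-11-01T00:00:00.000Z
        created: 2024-05-13T17:22:47.098Z

# no Snyk patches are applied
patch: {}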
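# when running snyk ignore to ignore issues with "snyk code test"
# make sure to EXCLUDE the id option. Otherwise a bad file is created.
#
# Works:
#   snyk ignore --file-path=src/spiffworkflow_backend/routes/debug_controller.py
#
# Does not work:
#   snyk ignore --file-path=src/spiffworkflow_backend/routes/debug_controller.py --id=whatever
#
# a single vulnerability cannot be ignored for "snyk code test". Only whole files can be ignored.
#
# NOTE(review): because the exclusion is per file, every "snyk code test"
# finding in an excluded file is suppressed, including findings introduced by
# later changes. Keep this list as short as possible and cover excluded files
# through code review or another scanner.
exclude:
  global:
    - src/spiffworkflow_backend/routes/debug_controller.py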