# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. version: v1.25.0 # ignores vulnerabilities until expiry date; change duration by modifying expiry date ignore: # in case snyk wants werkzeug v3, in the future: # we cannot upgrade werkzeug because it breaks connexion # and we can't upgrade connexion because it downgrades werkzeug. # this means we cannot satisfy the snyk requirement to upgrade werkzeug to v3. # we have a ticket to workaround it: # https://github.com/sartography/spiff-arena/issues/592 # SNYK-PYTHON-CRYPTOGRAPHY-6050294: # - '*': # reason: No current resolution # expires: 2024-12-15T19:52:08.948Z # created: 2023-11-15T19:52:08.954Z SNYK-PYTHON-GUNICORN-6615672: - '*': reason: No current resolution expires: 2024-05-16T14:21:10.348Z created: 2024-04-16T14:21:10.357Z SNYK-PYTHON-CRYPTOGRAPHY-6592767: - '*': reason: No current resolution expires: 2024-05-16T14:21:30.321Z created: 2024-04-16T14:21:30.331Z SNYK-PYTHON-FLASKCORS-6670412: - '*': reason: no fix available expires: 2024-11-01T00:00:00.000Z created: 2024-05-02T17:22:47.098Z SNYK-PYTHON-WERKZEUG-6808933: - '*': reason: unable to upgrade. see above comment. expires: 2024-11-01T00:00:00.000Z created: 2024-05-13T17:22:47.098Z patch: {} # when running snyk ignore to ignore issues with "snyk code test" # make sure to EXCLUDE the id option. Otherwise a bad file is created. # # Works: # snyk ignore --file-path=src/spiffworkflow_backend/routes/debug_controller.py # # Des not work: # snyk ignore --file-path=src/spiffworkflow_backend/routes/debug_controller.py --id=whatever # # a single vulnerability cannot be ignored for "snyk code test". Only whole files can be ingored. exclude: global: - src/spiffworkflow_backend/routes/debug_controller.py