status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

security: triage false positive for go-jose/v3 (#20901) 

Per https://osv.dev/vulnerability/GO-2024-2631 this vulnerability is not
present in the version currently used (go-jose/v3@3.0.3).
This commit is contained in:
Michael Zalimeni 2024-03-26 17:27:50 -04:00 committed by GitHub
parent d7f25631ce
commit cc959dcdf4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.release/security-scan.hcl
View File

@ -67,4 +67,15 @@ binary {
] ]
} }
} }
# Triage items that are _safe_ to ignore here. Note that this list should be
# periodically cleaned up to remove items that are no longer found by the scanner.
triage {
suppress {
# N.b. `vulnerabilites` is the correct spelling for this tool.
vulnerabilites = [
"GO-2024-2631", # go-jose/v3@v3.0.3 (false positive)
]
}
}
} }

11
scan.hcl
View File

@ -22,4 +22,15 @@ repository {
secrets { secrets {
all = true all = true
} }
# Triage items that are _safe_ to ignore here. Note that this list should be
# periodically cleaned up to remove items that are no longer found by the scanner.
triage {
suppress {
# N.b. `vulnerabilites` is the correct spelling for this tool.
vulnerabilites = [
"GO-2024-2631", # go-jose/v3@v3.0.3 (false positive)
]
}
}
} }