.snyk
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
  SNYK-PYTHON-JUPYTERSERVER-6099119:
    - '*':
        reason: >-
          If a user is logged in to the Jupyter Server (which we do not use),
          and an error occurs, other users can see the errors. At most, it will
          include where a particular file is stored, and therefore is not
          sensitive to us at all. Exception approved by email between Andreas,
          Martin and Søren on 2023-12-07.
        created: 2023-12-14T08:00:06.167Z
  SNYK-PYTHON-MLFLOW-6069159:
    - '*':
        reason: >-
          Vulnerability in MLFlow server, which we do not use. Exception
          approved via Slack huddle between Andreas and Martin on 2023-12-14.
        created: 2023-12-14T08:01:30.546Z
  SNYK-PYTHON-MLFLOW-6117546:
    - '*':
        reason: >-
          Vulnerability in MLFlow server, which we do not use. Exception
          approved via Slack huddle between Andreas and Martin on 2023-12-14.
        created: 2023-12-14T08:01:38.020Z
  SNYK-PYTHON-MLFLOW-6124044:
    - '*':
        reason: >-
          Vulnerability if streaming datasets from a web server, allowing them
          to write to a directory outside of the current directory. Streaming
          datasets from the web with mlflow is not allowed, and writing to a
          directory is a relatively minor vulnerability. Exception approved via
          Slack huddle between Andreas and Martin on 2023-12-14.
        created: 2023-12-14T08:03:24.839Z
  SNYK-PYTHON-MLFLOW-6134596:
    - '*':
        reason: >-
          Vulnerability in running mlflow-server and mlflow-ui which we do not
          use, and which requires access to the host server. Exception approved
          via zoom call between Andreas and Lasse on 2024-01-04.
        created: 2024-01-04T08:00:00.000Z
  SNYK-PYTHON-MLFLOW-6615820:
    - '*':
        reason: >-
          Vulnerability in MLFlow server, which we do not use. Exception
          approved via Slack conversation on 2024-04-26.
        created: 2024-04-26T11:12:00.000Z
  SNYK-PYTHON-GUNICORN-6615672:
    - '*':
        reason: >-
          Vulnerability in server, which we do not use. Exception approved via
          Slack conversation on 2024-04-26.
        created: 2024-04-26T11:12:00.000Z
  SNYK-PYTHON-JOBLIB-6913425:
    - '*':
        reason: >-
          Unpickling is dangerous in general, not specific to joblib. Exception
          approved via Slack conversation in snyk-alerts channel on 2024-05-22.
        expires: 2024-06-21T06:14:12.328Z
        created: 2024-05-22T06:14:12.354Z
  SNYK-PYTHON-WANDB-6860240:
    - '*':
        reason: >-
          Vulnerability in wandb, which we do not use. Exception approved via
          Slack conversation in snyk-alerts channel on 2024-05-27.
        created: 2024-05-27T06:59:50.944Z
  SNYK-PYTHON-PYTORCHLIGHTNING-7218866:
    - '*':
        reason: >-
          Vulnerability in pytorch lightning if exposing lightning.app
          endpoints which we do not. Exception approved via Slack conversation
          in programming channel on 2024-06-12.
        created: 2024-06-18T06:59:50.944Z
  SNYK-PYTHON-TORCH-7231127:
    - '*':
        reason: >-
          Vulnerability in torch if training multi-node, which we do not.
          Exception approved via Slack conversation in programming channel on
          2024-06-18.
        created: 2024-06-18T06:59:50.944Z
  SNYK-PYTHON-MLFLOW-7210332:
    - '*':
        reason: 'See Slack #programming for 25/06/2024'
        created: 2024-06-25T11:57:53.860Z
  SNYK-PYTHON-MLFLOW-7210311:
    - '*':
        reason: 'See Slack #programming for 25/06/2024'
        created: 2024-06-25T11:59:14.109Z
  SNYK-PYTHON-MLFLOW-7210309:
    - '*':
        reason: 'See Slack #programming for 25/06/2024'
        created: 2024-06-25T11:59:14.109Z
  SNYK-PYTHON-MLFLOW-7210300:
    - '*':
        reason: 'See Slack #programming for 25/06/2024'
        created: 2024-06-25T11:59:14.109Z
  SNYK-PYTHON-MLFLOW-7210331:
    - '*':
        reason: 'See Slack #programming for 25/06/2024'
        created: 2024-06-25T11:59:14.109Z
  SNYK-PYTHON-MLFLOW-7210333:
    - '*':
        reason: 'See Slack #programming for 25/06/2024'
        created: 2024-06-25T11:59:14.109Z
  SNYK-PYTHON-MLFLOW-7210334:
    - '*':
        reason: 'See Slack #programming for 25/06/2024'
        created: 2024-06-25T11:59:14.109Z
  SNYK-PYTHON-MLFLOW-7210335:
    - '*':
        reason: 'See Slack #programming for 25/06/2024'
        created: 2024-06-25T11:59:14.109Z
  SNYK-PYTHON-MLFLOW-7210336:
    - '*':
        reason: 'See Slack #programming for 25/06/2024'
        created: 2024-06-25T11:59:14.109Z
  SNYK-PYTHON-PYTORCHLIGHTNING-7411413:
    - '*':
        reason: >-
          Vulnerability in pytorch lightning through the /v1/runs API endpoint
          when extracting tar.gz files which we do not. Exception approved via
          Slack conversation in programming channel on 2024-08-05.
        created: 2024-08-01T15:45:50.944Z
  SNYK-PYTHON-NLTK-7411380:
    - '*':
        reason: >-
          Vulnerability in nltk which we do not use Exception approved via Slack
          conversation in programming channel on 2024-08-05.
        created: 2024-08-01T15:50:53.944Z
  SNYK-PYTHON-TRANSFORMERS-8400823:
    - '*':
        reason: Vulnerability related to loading in malicious model files, which is not relevant for us. Exception approved via Slack conversation in programming channel on 03/06/2024.
        created: 2024-12-03T08:02:34.487Z
  SNYK-PYTHON-TRANSFORMERS-8400822:
    - '*':
        reason: Vulnerability related to loading in malicious model files, which is not relevant for us. Exception approved via Slack conversation in programming channel on 03/06/2024.
        created: 2024-12-03T08:02:58.812Z
  SNYK-PYTHON-TRANSFORMERS-8400820:
    - '*':
        reason: Vulnerability related to loading in malicious model files, which is not relevant for us. Exception approved via Slack conversation in programming channel on 03/06/2024.
        created: 2024-12-03T08:03:06.650Z
patch: {}