fix: cves should be permitted

- we should permit .releaseNotes.cves since the docs mention them and populate-release-notes-images requires them Signed-off-by: Scott Hebert <[email protected]>
konflux-ci · Nov 15, 2024 · 99e6abc · 99e6abc
1 parent 9e39fca
commit 99e6abc
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/schema/dataKeys.json b/schema/dataKeys.json
@@ -152,6 +152,30 @@
             "type": "string"
           }
         },
+        "cves": {
+          "type": "array",
+          "items": {
+            "additionalProperties": false,
+            "type": "object",
+            "properties": {
+              "key": {
+                "type": "string",
+                "description": "The key of the CVE e.g. CVE-3414"
+              },
+              "component": {
+                "type": "string",
+                "description": "The name of the component"
+              },
+              "packages": {
+                "type": "array",
+                "description": "A list of packages that fixed the CVE e.g. [ 'pkg:golang/golang.org/x/net/[email protected]' ]",
+                "items": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        },
         "issues": {
           "type": "object",
           "additionalProperties": false,