From 99e6abcd4dd91c66f55fa9aa548acaabf8777b9a Mon Sep 17 00:00:00 2001
From: Scott Hebert <scoheb@gmail.com>
Date: Fri, 15 Nov 2024 12:28:52 -0500
Subject: [PATCH] fix: cves should be permitted

- we should permit .releaseNotes.cves since the docs mention
  them and populate-release-notes-images requires them

Signed-off-by: Scott Hebert <scoheb@gmail.com>
---
 schema/dataKeys.json | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/schema/dataKeys.json b/schema/dataKeys.json
index 0d38beccc..34babc77a 100644
--- a/schema/dataKeys.json
+++ b/schema/dataKeys.json
@@ -152,6 +152,30 @@
             "type": "string"
           }
         },
+        "cves": {
+          "type": "array",
+          "items": {
+            "additionalProperties": false,
+            "type": "object",
+            "properties": {
+              "key": {
+                "type": "string",
+                "description": "The key of the CVE e.g. CVE-3414"
+              },
+              "component": {
+                "type": "string",
+                "description": "The name of the component"
+              },
+              "packages": {
+                "type": "array",
+                "description": "A list of packages that fixed the CVE e.g. [ 'pkg:golang/golang.org/x/net/http2@1.11.1' ]",
+                "items": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        },
         "issues": {
           "type": "object",
           "additionalProperties": false,