chore: snyk ignore golang.org CWE-226
We are currently getting [CWE-226](https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXSYSUNIX-3310442) alerts while using esbuild in our container.

This is due to the esbuild maintainers fixing the golang version to v0.0.0.
See:
evanw/esbuild@fd13718
evanw/esbuild#3254
evanw/esbuild#3248

As we cannot resolve this ourselves, we will ignore it for the next 6 months.
naseberry committed Sep 11, 2023
1 parent 9487c3a commit 7f1b482
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions .snyk
@@ -0,0 +1,10 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
SNYK-GOLANG-GOLANGORGXSYSUNIX-3310442:
- '*':
reason: esbuild's go dependency fixed to v0.0.0
expires: 2024-03-07T08:00:00.000Z
created: 2023-09-08T08:00:00.000Z
patch: {}
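Review bot: The `'*'` path under SNYK-GOLANG-GOLANGORGXSYSUNIX-3310442 ignores this finding on every dependency path in the project, not only the one that comes in through esbuild, so any other route to the same golang.org/x/sys issue that could be fixed would also stay silent until the 2024-03-07 expiry. Consider replacing `'*'` with the specific dependency path Snyk reports for esbuild. The `reason` text would also be more useful at expiry time if it cited the upstream issue from the commit message (evanw/esbuild#3254), so whoever reviews the ignore knows what to re-check before renewing it.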
