[Unticketed] Ignore vulnerability for issue with pending fix #3310

Merged
merged 3 commits into from
Dec 19, 2024

Conversation

chouinar
Collaborator

Summary

Time to review: 2 mins

Changes proposed

Ignore GHSA-v778-237x-gjrc

Cleaned up old ignores that should be fixed by now

Context for reviewers

This vulnerability is in a dependency pulled in by the GitHub CLI. A fix was made but no new release has occurred, likely due to the holidays. https://github.com/cli/cli/releases

As this vulnerability already would exist in our image, ignoring it for now seems uneventful, and the issue shouldn't persist beyond the holidays.

@chouinar chouinar requested a review from coilysiren December 19, 2024 15:22
@chouinar chouinar requested a review from mdragon as a code owner December 19, 2024 15:22
Collaborator

@mdragon mdragon left a comment

Approving this, pending the clean vuln scans

@chouinar chouinar merged commit 0525398 into main Dec 19, 2024
15 checks passed
@chouinar chouinar deleted the chouinar/vuln-fixes branch December 19, 2024 15:42
doug-s-nava pushed a commit that referenced this pull request Dec 30, 2024
## Summary

### Time to review: __2 mins__

## Changes proposed
Ignore
[GHSA-v778-237x-gjrc](GHSA-v778-237x-gjrc)

Cleaned up old ignores that _should_ be fixed by now

## Context for reviewers
This vulnerability is in a dependency pulled in by the GitHub CLI. A
[fix was
made](cli/cli@1af4210)
but no new release has occurred, likely due to the holidays.
https://github.com/cli/cli/releases

As this vulnerability already would exist in our image, ignoring it for
now seems uneventful, and the issue shouldn't persist beyond the
holidays.