-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.nancy-ignore
More file actions
21 lines (18 loc) · 886 Bytes
/
.nancy-ignore
File metadata and controls
21 lines (18 loc) · 886 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# The go-libp2p dependency is not used directly in this plugin so the following
# issue can be ignored within the scope of this repo. Container should consult
# https://ossindex.sonatype.org/vulnerability/CVE-2022-23492?component-type=golang&component-name=github.com%2Flibp2p%2Fgo-libp2p&utm_source=nancy-client&utm_medium=integration&utm_content=1.0.42
# for more info on the following vulnerability.
CVE-2022-23492
# Replaced or removed dependencies to eliminate vulnerabilities
CVE-2021-3121
CVE-2022-36640
# Skip indirect/transitive dependencies where code path not hit, or affected library features are not utilized.
CVE-2022-23328
sonatype-2021-0076
CVE-2022-37450
sonatype-2019-0772
sonatype-2022-3945
CVE-2021-42219
# golang.org/x/net is not used directly by anything in this repo, however
# go-ethereum may use it. container applications should be cautioned
CVE-2022-41723