.pants-ignore
{
  "ignore": [
    {
      "id": "sonatype-2023-1611",
      "reason": "No patched version of openssl (nor openssl-sys) is available at this time."
    },
    {
      "id": "CVE-2023-26964",
      "reason": "From the project issue: you can just safely ignore ... If you're using a client, with HTTP/2, but you're talking to your own servers, or you at least control the URLs to talk to servers you trust to not attack your client (most businesses), ignore. Vulnerability still flagged in [email protected]"
    },
    {
      "id": "CVE-2023-1255",
      "reason": "Low priority issue in [email protected]. Ignore for now, will upgrade if a patched version is published."
    },
    {
      "id": "CVE-2023-3446",
      "reason": "Ignore for now. Update after openssl-sys 0.9.90+ patch is released. see: https://github.com/openssl/openssl/pull/21451"
    },
    {
      "id": "CVE-2023-2975",
      "reason": "Ignore as project states issue is low severity. Review if openssl-sys 0.9.90+ 'AES-SIV cipher with empty associated data entries' patch is released."
    },
    {
      "id": "CVE-2023-5363",
      "reason": "Ignore as issue is low severity and ssl is not affected. Review if openssl-sys 0.9.94+ patch is released."
    },
    {
      "id": "CVE-2024-0727",
      "reason": "Allow time for Fast-Track process to possibly re-categorize this vulnerability. The external links all describe the issue as 'low severity'."
    },
    {
      "id": "CVE-2024-3296",
      "reason": "Ignore while debate rages in https://github.com/sfackler/rust-openssl/issues/2171"
    }
  ]
}