From 5a7722fd1839d563a1d94305d8320f4a6697f36d Mon Sep 17 00:00:00 2001 From: Romain LE JEUNE Date: Tue, 25 Oct 2022 18:08:05 +0200 Subject: [PATCH] GODT-1645: ignore CVE gobinsec false positive --- utils/gobinsec_conf.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/utils/gobinsec_conf.yml b/utils/gobinsec_conf.yml index 1df79ae6..4b0d0382 100644 --- a/utils/gobinsec_conf.yml +++ b/utils/gobinsec_conf.yml @@ -8,5 +8,14 @@ file: expiration: "24h" ignore: - # golang.org/x/net wrong match, we are using 2871e0cb, fixed by 37e1c6af + # golang.org/x/net wrong match, we are using v0.1.0, fixed by 37e1c6af in v0.0.xxx - "CVE-2021-33194" + # golang.org/x/crypto wrong match, we are using v0.1.0 all of this have been fixed in vO.O.xx + - "CVE-2019-11840" + - "CVE-2020-29652" + - "CVE-2021-43565" + - "CVE-2022-27191" + - "CVE-2020-9283" + - "CVE-2017-3204" + # golang.org/x/text wrong match, we are using v0.4.0, fixed in a previous version + - "CVE-2020-14040"