[Issue #2582] Ignore CVEs in upstream golang CLI (#2606)

coilysiren · web-flow · commit ff57a80c02bf · 2024-10-28T09:50:26.000-07:00
## Summary Relates to #2582 ### Time to review: __1 mins__ ## Changes proposed Ignores the CVE originally found in #2572
diff --git a/.grype.yml b/.grype.yml
@@ -18,3 +18,8 @@ ignore:
   - fix-state: not-fixed
   - fix-state: wont-fix
   - fix-state: unknown
+
+  # https://github.com/HHS/simpler-grants-gov/issues/2582
+  - vulnerability: CVE-2024-34158
+  - vulnerability: CVE-2024-34156
+  - vulnerability: CVE-2024-34155
diff --git a/analytics/Makefile b/analytics/Makefile
@@ -200,3 +200,4 @@ percent-complete:
 sprint-reports: sprint-burndown percent-complete
 
 sprint-reports-with-latest-data: gh-data-export sprint-reports
+

Original file line number	Diff line number	Diff line change
`@@ -200,3 +200,4 @@ percent-complete:`
`200`	`200`	`sprint-reports: sprint-burndown percent-complete`
`201`	`201`
`202`	`202`	`sprint-reports-with-latest-data: gh-data-export sprint-reports`
	`203`	`+`