Symfony: ignore bogus CVEs

Author: glaubinix

src/SecurityAdvisory/GitHubSecurityAdvisoriesSource.php

@@ -28,6 +28,11 @@ class GitHubSecurityAdvisoriesSource implements SecurityAdvisorySourceInterface
 {
     public const SOURCE_NAME = 'GitHub';
 
+    private const IGNORE_CVES = [
+        'CVE-2024-36611', // @see https://phpc.social/@wouterj/113588554019692959
+        'CVE-2024-36610', // @see https://phpc.social/@wouterj/113588554019692959
+    ];
+
     /**
      * @param list<string> $fallbackGhTokens
      */
@@ -95,6 +100,10 @@ public function getAdvisories(ConsoleIO $io): ?RemoteSecurityAdvisoryCollection
                     continue;
                 }
 
+                if (in_array($cve, self::IGNORE_CVES, true)) {
+                    continue;
+                }
+
                 $packageName = strtolower($node['package']['name']);
 
                 // GitHub adds spaces everywhere e.g. > 1.0, adjust to be able to match other advisories