CMSgov/dpc-app

View on GitHub
.snyk

Summary

Maintainability
Test Coverage
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.22.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
  SNYK-JAVA-IONETTY-564897:
    - '*':
        reason: not using the vulnerable version
        created: 2021-09-15T15:32:25.107Z
  SNYK-JAVA-ORGGLASSFISHJERSEYMEDIA-595972:
    - '*':
        reason: Used by tests only (see DPC-1672)
        created: 2021-09-30T17:56:02.919Z
  SNYK-JAVA-ORGMOCKSERVER-1566476:
    - '*':
        reason: 'this is test code, signed off in DPC-1737'
        created: 2021-09-29T14:56:29.781Z
  SNYK-JAVA-ORGECLIPSEJETTY-1300835:
    - '*':
        reason: signed off in DPC-1775
        created: 2021-10-14T15:25:20.041Z
  SNYK-JAVA-CAUHNHAPIFHIR-1290498:
    - '*':
        reason: see DPC-1675
        created: 2021-10-23T22:16:31.218Z
  SNYK-RUBY-OMNIAUTH-174820:
    - '*':
        reason: mitigated with omniauth-rails_csrf_protection gem
        created: 2021-11-17T09:55:0.0Z
  SNYK-PYTHON-IPADDRESS-1290073:
    - '*':
        reason: see DPC-1767
        created: 2021-11-10T15:44:18.882Z
  SNYK-PYTHON-IPADDRESS-1041793:
    - '*':
        reason: see DPC-1767
        created: 2021-11-10T15:44:47.119Z
  SNYK-PYTHON-IPADDRESS-590065:
    - '*':
        reason: see DPC-1767
        created: 2021-11-10T15:45:04.084Z
  SNYK-PYTHON-CRYPTOGRAPHY-1022152:
    - '*':
        reason: see DPC-1757, used only for kicking off smoke tests
        created: 2021-11-10T15:36:14.559Z
  SNYK-RUBY-NOKOGIRI-1726792:
    - '*':
        reason: false positive; alert says to upgrade to already-installed version
        created: 2021-11-17T13:35:10.514Z
  SNYK-JAVA-ORGHIBERNATE-568162:
    - '*':
        reason: see DPC-1749
        created: 2021-11-19T16:01:0.0Z
  SNYK-JAVA-ORGHIBERNATE-569100:
    - '*':
        reason: see DPC-1749
        created: 2021-11-19T16:01:0.0Z
  SNYK-JAVA-ORGECLIPSEJETTY-1080611:
    - '*':
        reason: see DPC-1758
        created: 2021-11-19T16:01:0.0Z
  SNYK-JAVA-NETMINIDEV-1298655:
    - '*':
        reason: false positive; already upgraded
        created: 2021-12-14T15:24:0.0Z
  SNYK-JAVA-ORGJSOUP-1567345:
    - '*':
        reason: false positive; already upgraded
        created: 2021-12-22T12:17:0.0Z
  SNYK-JAVA-ORGAPACHECOMMONS-1316638:
    - '*':
        reason: see DPC-1675
        created: 2021-12-22T12:27:0.0Z
  SNYK-JAVA-ORGAPACHECOMMONS-1316639:
    - '*':
        reason: see DPC-1675
        created: 2021-12-22T12:27:0.0Z
  SNYK-JAVA-ORGAPACHECOMMONS-1316640:
    - '*':
        reason: see DPC-1675
        created: 2021-12-22T12:27:0.0Z
  SNYK-JAVA-ORGAPACHECOMMONS-1316641:
    - '*':
        reason: see DPC-1675
        created: 2021-12-22T12:27:0.0Z
  SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524:
    - '*':
        reason: false positive; already upgraded
        created: 2021-12-22T12:46:0.0Z
  SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014:
    - '*':
        reason: false positive; already upgraded
        created: 2021-12-22T12:46:0.0Z
patch: {}