Add nancy-ignore to make it pass with current dependencies (#7590)

Signed-off-by: Marcel Müller <marcel@giantswarm.io>
2025-03-13 19:28:55 +00:00 · 2023-06-19 19:30:23 +02:00 · 2023-06-19 19:30:23 +02:00 · 2a2be0ae5a
commit 2a2be0ae5a
parent 3786e49cad
2 changed files with 31 additions and 0 deletions
--- a/.github/workflows/nancy.yaml
+++ b/.github/workflows/nancy.yaml
@ -2,6 +2,9 @@ name: Nancy

 on:
  push:
+    branches:
+      - '*'
+  pull_request:
    branches:
      - 'main'
      - 'release*'
--- a/.nancy-ignore
+++ b/.nancy-ignore
@ -0,0 +1,28 @@
+# golang/github.com/hashicorp/consul/api@v1.18.0
+# golang/github.com/hashicorp/consul/sdk@v0.3.0
+CVE-2022-29153 until=2023-07-31
+# golang/github.com/nats-io/jwt@v0.3.2
+# golang/github.com/nats-io/nats-server/v2@v2.1.2
+CVE-2020-26892 until=2023-07-31
+CVE-2021-3127 until=2023-07-31
+CVE-2022-24450 until=2023-07-31
+CVE-2020-26521 until=2023-07-31
+CVE-2020-28466 until=2023-07-31
+CVE-2022-29946 until=2023-07-31
+CVE-2022-42709 until=2023-07-31
+CVE-2022-42708 until=2023-07-31
+CVE-2021-32026 until=2023-07-31
+# golang/github.com/notaryproject/notation-go@v1.0.0-rc.3
+CVE-2023-33959 until=2023-07-31
+CVE-2023-33958 until=2023-07-31
+CVE-2023-33957 until=2023-07-31
+# golang/github.com/sigstore/rekor@v1.0.1
+CVE-2023-30551 until=2023-07-31
+CVE-2023-33199 until=2023-07-31
+# golang/github.com/valyala/fasthttp@v1.16.0
+CVE-2022-21221 until=2023-07-31
+# golang/go.etcd.io/etcd/v3@v3.6.0-alpha.0
+CVE-2021-28235 until=2023-07-31
+CVE-2023-0296 until=2023-07-31
+# golang/k8s.io/apiserver@v0.27.3
+CVE-2020-8561 until=2023-07-31