This repository has been archived by the owner on Apr 21, 2021. It is now read-only.
.snyk
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.13.5
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
  SNYK-PYTHON-BEAKER-575115:
    - '*':
        reason: >-
          No remediation available yet; Not affecting us since the storage is not accessible to any other client
        expires: 2021-02-10T06:00:00.000Z
  SNYK-PYTHON-SQLALCHEMY-173678:
    - '*':
        reason: >-
          No remediation path available for CKAN2.3 (not compatible with SQLALCHEMY > 2.7.x). Need to resolve moving to
          CKAN2.8 for catalog (https://github.com/GSA/datagov-ckan-multi/issues/298). Reviewed group_by and order_by
          usage manually, all user input sanitized.
        expires: 2021-02-23T06:00:00.000Z
  SNYK-PYTHON-SQLALCHEMY-590109:
    - '*':
        reason: >-
          No remediation path available for CKAN2.3 (not compatible with SQLALCHEMY > 2.7.x). Need to resolve moving to
          CKAN2.8 for catalog (https://github.com/GSA/datagov-ckan-multi/issues/298). Reviewed group_by and order_by
          usage manually, all user input sanitized.
        expires: 2021-02-23T06:00:00.000Z
  SNYK-PYTHON-JINJA2-455616:
    - '*':
        reason: >-
          No remediation path available for CKAN2.3 (not compatible with Jinja > 2.6.0). Need to resolve moving to
          CKAN2.8 for catalog (https://github.com/GSA/datagov-ckan-multi/issues/298). Forms for data.gov only
          accessible to government users, risk is acceptable.
        expires: 2021-02-23T06:00:00.000Z
  SNYK-PYTHON-JINJA2-40028:
    - '*':
        reason: >-
          No remediation path available for CKAN2.3 (not compatible with Jinja > 2.6.0). Need to resolve moving to
          CKAN2.8 for catalog (https://github.com/GSA/datagov-ckan-multi/issues/298). Local user needed to exploit
          this issue, current user security enough to make risk acceptable.
        expires: 2021-03-01T06:00:00.000Z
  SNYK-PYTHON-JINJA2-174126:
    - '*':
        reason: >-
          No remediation path available for CKAN2.3 (not compatible with Jinja > 2.6.0). Need to resolve moving to
          CKAN2.8 for catalog (https://github.com/GSA/datagov-ckan-multi/issues/298). Forms for data.gov only
          accessible to government users, risk is acceptable.
        expires: 2021-03-01T06:00:00.000Z
  SNYK-PYTHON-WEBOB-40490:
    - '*':
        reason: >-
          No remediation path available for CKAN2.3 (not compatible with webob > 1.0.8). Need to resolve moving to
          CKAN2.8 for catalog (https://github.com/GSA/datagov-ckan-multi/issues/298)
        expires: 2021-03-01T06:00:00.000Z
  SNYK-PYTHON-PIP-609855:
    - '*':
        reason: >-
          Defunct issue, installed pip is 20.0.2 (confirmed locally and on server systems). Not actually an issue.
        expires: 2021-03-01T06:00:00.000Z
  SNYK-PYTHON-SOLRPY-598893:
    - '*':
        reason: >-
          No remediation path available, and eval function is not used. Upstream uses pysolr, which will resolve
          the issue.
        expires: 2021-02-23T06:00:00.000Z
  SNYK-PYTHON-URLLIB3-1014645:
    - '*':
        reason: >-
          No remediation path available for CKAN2.3 (not compatible with urllib3 > 1.24). Need to resolve moving to
          CKAN2.8 for catalog (https://github.com/GSA/datagov-ckan-multi/issues/298). `method` parameter is not
          utilized for any user input value, risk is acceptable.
        expires: 2021-03-01T06:00:00.000Z
patch: {}
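
Every waiver in this policy lapses on its `expires` date, so a periodic audit of those dates shows which accepted risks are due for re-review. The following is an added example, not code from this repository: a standard-library, line-oriented reader for the `ignore` section that labels each entry. The names `parse_ignores` and `audit`, the 14-day warning window and the sample vulnerability IDs are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the same layout as the policy above; the IDs are made up.
SAMPLE_POLICY = """\
ignore:
  SNYK-PYTHON-EXAMPLEA-000001:
    - '*':
        reason: No remediation available yet
        expires: 2021-02-10T06:00:00.000Z
  SNYK-PYTHON-EXAMPLEB-000002:
    - '*':
        reason: Upgrade blocked by a framework pin
        expires: 2021-03-01T06:00:00.000Z
  SNYK-PYTHON-EXAMPLEC-000003:
    - '*':
        reason: No expiry recorded
patch: {}
"""

VULN_ID = re.compile(r"^\s*(SNYK-[A-Z0-9-]+):\s*$")
EXPIRES = re.compile(r"^\s*expires:\s*'?([0-9T:.\-]+)Z'?\s*$")

def parse_ignores(text):
    """Map each ignored ID to its earliest expiry seen (UTC), or None if it has none."""
    ignores, current, in_ignore = {}, None, False
    for line in text.splitlines():
        if line.startswith(("version:", "ignore:", "patch:")):  # top-level key
            in_ignore, current = line.startswith("ignore"), None
        elif in_ignore and (m := VULN_ID.match(line)):
            current = m.group(1)
            ignores.setdefault(current, None)
        elif current and (m := EXPIRES.match(line)):
            when = datetime.fromisoformat(m.group(1)).replace(tzinfo=timezone.utc)
            ignores[current] = min(filter(None, (ignores[current], when)))
    return ignores

def audit(ignores, now, warn_days=14):
    """Label each waiver: no-expiry, expired, expiring (within warn_days) or active."""
    soon = now + timedelta(days=warn_days)
    def label(when):
        if when is None:
            return "no-expiry"
        return "expired" if when <= now else "expiring" if when <= soon else "active"
    return {vuln_id: label(when) for vuln_id, when in ignores.items()}

if __name__ == "__main__":
    now = datetime(2021, 2, 20, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for vuln_id, status in audit(parse_ignores(SAMPLE_POLICY), now).items():
        print(f"{status:10} {vuln_id}")
```

Because the reader matches on keys rather than indentation, it also works on a copy of the policy whose leading whitespace was lost. An entry labelled `no-expiry` is a waiver that never comes up for review on its own.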