ignore nancy warning

2025-11-04 01:15:14 +00:00 · 2023-02-24 21:16:17 +10:00
parent 83e432793b
commit 0eeed1695c
1 changed files with 4 additions and 14 deletions
--- a/backend/.nancy-ignore
+++ b/backend/.nancy-ignore
@@ -1,41 +1,31 @@
 # If you need to ignore any of nancy's warnings add them
-
 # here with a reference to the package/version that
-
 # triggers them and rational for ignoring it.
-
 # pkg:golang/github.com/coreos/etcd@3.3.10
-
 # etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation
-
 CVE-2020-15115

 # pkg:golang/github.com/coreos/etcd@3.3.10
-
 # In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records
-
 CVE-2020-15136

 # pkg:golang/github.com/coreos/etcd@3.3.10
-
 # In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access
-
 CVE-2020-15114

 # pkg:golang/github.com/gorilla/websocket@1.4.0
-
 # Integer Overflow or Wraparound
-
 CWE-190

 # jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrict...
-
 CVE-2020-26160

 # https://ossindex.sonatype.org/vulnerability/sonatype-2021-1485
-
 sonatype-2021-1485

 # CWE-770: Allocation of Resources Without Limits or Throttling
-
 CVE-2022-41717
+CVE-2022-41723
+
+# CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
+CVE-2022-41723