Ignore github.com/go-git/go-git/v5 vulnerabilities

This package is only used by tooling and bumping to a fixed version requires bumping the Go version. Signed-off-by: Tom Pantelis <tompantelis@gmail.com>
submariner-io · Jan 9, 2025 · 0754969 · 0754969
1 parent 752eddd
commit 0754969
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/.grype.yaml b/.grype.yaml
@@ -20,3 +20,9 @@ ignore:
   - vulnerability: GHSA-jw44-4f3j-q396
     package:
       name: helm.sh/helm/v3
+  - vulnerability: GHSA-r9px-m959-cxf4
+    package:
+      name: github.com/go-git/go-git/v5
+  - vulnerability: GHSA-v725-9546-7q7m
+    package:
+      name: github.com/go-git/go-git/v5