[Unticketed] Ignore vulnerability for issue fixed in upcoming Python release (#3422)

### Time to review: __1 mins__

## Changes proposed
Ignore vulnerability https://nvd.nist.gov/vuln/detail/CVE-2024-12254

## Context for reviewers
Grype is saying it wants us to upgrade to python 3.14a which releases in
October and is not yet prod ready

The fix is also in 3.13, but not yet released (should be February)
chouinar authored Jan 7, 2025
1 parent afa02d7 commit 671dcf0
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .grype.yml
Expand Up @@ -28,3 +28,6 @@ ignore:
# Last Checked: Dec 19th, 2024
- vulnerability: GHSA-v778-237x-gjrc
- vulnerability: GHSA-w32m-9786-jp63
# Issue with asyncio library in Python, should be fixed
# in 3.13.2 (early February 2025)
- vulnerability: CVE-2024-12254
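
Review bot: the new `- vulnerability: CVE-2024-12254` entry has no removal trigger, so the suppression stays in place after 3.13.2 ships and keeps hiding the finding if the upgrade is missed. Add a `# Last Checked:` date to its comment, as the entries above it have, and track removing the entry once the image is on 3.13.2. The rule also matches on the CVE ID alone; Grype ignore rules accept a `package:` constraint, which would limit the suppression to the Python package the finding is reported against rather than anything that reports this CVE.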
