kubernetes-monitor/.snyk at staging · snyk/kubernetes-monitor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
  SNYK-RHEL9-GNUPG2-15127565:
    - '*':
        reason: >-
          Red Hat marks CVE-2026-24881 as "Not affected" for the RHEL 9 gnupg2
          RPM — no RHSA will be issued. See
          https://access.redhat.com/security/cve/CVE-2026-24881
        expires: 2026-11-14T12:00:00.000Z
        created: 2026-01-28T21:21:29.840Z
  SNYK-RHEL9-GNUPG2-15127613:
    - '*':
        reason: >-
          Red Hat marks CVE-2026-24882 as "Not affected" for the RHEL 9 gnupg2
          RPM — no RHSA will be issued. See
          https://access.redhat.com/security/cve/CVE-2026-24882
        expires: 2026-11-14T12:00:00.000Z
        created: 2026-01-28T21:21:43.745Z
  SNYK-RHEL9-VIMMINIMAL-15884750:
    - '*':
        reason: >-
          Red Hat marks CVE-2026-34714 as "Not affected" for the RHEL 9 vim
          RPM — no RHSA will be issued. See
          https://access.redhat.com/security/cve/CVE-2026-34714
        expires: 2026-11-14T12:00:00.000Z
        created: 2026-04-07T12:00:00.000Z
  SNYK-RHEL9-PYTHON3PIPWHEEL-14916305:
    - '*':
        reason: >-
          CVE-2024-47081 - Red Hat has assessed this advisory as not relevant
          for RHEL 9. The vulnerability does not affect this distribution.
  SNYK-RHEL9-PYTHON311PIPWHEEL-14916327:
    - '*':
        reason: >-
          Same vulnerability class as SNYK-RHEL9-PYTHON3PIPWHEEL-14916305 but
          for the python3.11 RPM we install for gcloud (Python 3.9 is past
          EOL for the gcloud CLI). Red Hat assesses this advisory as not
          relevant for RHEL 9; the vulnerability does not affect this
          distribution.
  SNYK-RHEL9-TAR-15041307:
    - '*':
        reason: >-
          Likely Snyk misclassification: CVE-2026-23950 is a node-tar (npm)
          vulnerability and Red Hat marks the RHEL 9 GNU tar RPM as "Not
          affected" — no RHSA will be issued. The npm-side issue is tracked
          separately via SNYK-JS-TAR-*. See
          https://access.redhat.com/security/cve/CVE-2026-23950
        expires: 2026-11-14T12:00:00.000Z
        created: 2026-01-28T18:27:07.114Z
  SNYK-RHEL9-TAR-15041355:
    - '*':
        reason: >-
          Likely Snyk misclassification: CVE-2026-23745 is a node-tar (npm)
          vulnerability and Red Hat marks the RHEL 9 GNU tar RPM as "Not
          affected" — no RHSA will be issued. The npm-side issue is tracked
          separately via SNYK-JS-TAR-*. See
          https://access.redhat.com/security/cve/CVE-2026-23745
        expires: 2026-11-14T12:00:00.000Z
        created: 2026-01-28T18:27:23.304Z
  SNYK-RHEL9-TAR-15145598:
    - '*':
        reason: >-
          Likely Snyk misclassification: CVE-2026-24842 is a node-tar (npm)
          vulnerability and Red Hat marks the RHEL 9 GNU tar RPM as "Not
          affected" — no RHSA will be issued. The npm-side issue is tracked
          separately via SNYK-JS-TAR-*. See
          https://access.redhat.com/security/cve/CVE-2026-24842
        expires: 2026-11-14T12:00:00.000Z
        created: 2026-01-29T16:33:39.950Z
patch: {}