Merge pull request #5024 from oasisprotocol/ptrus/internal/nancy-ignore

go: Ignore CVE-2022-44797 until tendermint uses newer btcd
oasisprotocol · Nov 8, 2022 · af58921 · af58921
2 parents c3243ac + 53e8a0c
commit af58921
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/.changelog/5024.internal.md b/.changelog/5024.internal.md
@@ -0,0 +1 @@
+go: Ignore CVE-2022-44797 until tendermint uses newer btcd
diff --git a/go/.nancy-ignore b/go/.nancy-ignore
@@ -1,2 +1,2 @@
 CVE-2022-30591 # quic-go resource exhaustion through 0.27.0, 0.27.1 imported, false positive?
-sonatype-2022-3945 # remove after upgrade to go-libp2p 0.21.0
+CVE-2022-44797 # remove once tendermint uses btcd above or 0.23.2
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		go: Ignore CVE-2022-44797 until tendermint uses newer btcd