Ignore github.com/coredns/coredns vulnerability

Bumping to a fixed version requires bumping Go and K8s versions as well which are problematic in a dot release. Signed-off-by: Tom Pantelis <[email protected]>
submariner-io · Oct 2, 2024 · 8be4ac7 · 8be4ac7
1 parent 95434cd
commit 8be4ac7
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/.grype.yaml b/.grype.yaml
@@ -10,3 +10,8 @@ ignore:
   - vulnerability: CVE-2021-22570
     package:
       name: google.golang.org/protobuf
+  # Bumping to a fixed version requires bumping Go and K8s versions as well which
+  # are problematic in a dot release.
+  - vulnerability: GHSA-hfmw-7g3m-gj6q
+    package:
+      name: github.com/coredns/coredns