From ff57a80c02bfe5a40a434ca7ae1ca4de48c3c1a5 Mon Sep 17 00:00:00 2001 From: "kai [they]" Date: Mon, 28 Oct 2024 09:50:26 -0700 Subject: [PATCH] [Issue #2582] Ignore CVEs in upstream golang CLI (#2606) ## Summary Relates to #2582 ### Time to review: __1 mins__ ## Changes proposed Ignores the CVE originally found in https://github.com/HHS/simpler-grants-gov/pull/2572 --- .grype.yml | 5 +++++ analytics/Makefile | 1 + 2 files changed, 6 insertions(+) diff --git a/.grype.yml b/.grype.yml index 917b19b09..5f44af0d0 100644 --- a/.grype.yml +++ b/.grype.yml @@ -18,3 +18,8 @@ ignore: - fix-state: not-fixed - fix-state: wont-fix - fix-state: unknown + + # https://github.com/HHS/simpler-grants-gov/issues/2582 + - vulnerability: CVE-2024-34158 + - vulnerability: CVE-2024-34156 + - vulnerability: CVE-2024-34155 diff --git a/analytics/Makefile b/analytics/Makefile index 34fff47be..1b22a9452 100644 --- a/analytics/Makefile +++ b/analytics/Makefile @@ -200,3 +200,4 @@ percent-complete: sprint-reports: sprint-burndown percent-complete sprint-reports-with-latest-data: gh-data-export sprint-reports +
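Review bot: The three new entries in the `.grype.yml` hunk match on CVE id alone (`- vulnerability: CVE-2024-34158` and the two below it), so they suppress these findings for every package in every scan that uses this config, not only for the upstream golang CLI named in the subject. Consider narrowing each rule with a `package:` matcher (name, type or location of the affected binary) so the same CVEs still surface if they appear in another artifact. The comment above the entries links the issue but gives no reason for the exemption or condition for removing it; a one-line rationale there would let a later reader judge whether the ignore is still valid without opening the issue.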
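Review bot: The only change in the `analytics/Makefile` hunk is a blank line added after the `sprint-reports-with-latest-data` target, which is unrelated to ignoring the CVEs and is not mentioned under "Changes proposed". If it is there only to trigger the scan for this path, say so in the commit message; otherwise drop it so the commit touches `.grype.yml` alone.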