From 16f70232498ff146a818cdbf7fe952c65a435747 Mon Sep 17 00:00:00 2001
From: Kai Siren
Date: Mon, 28 Oct 2024 09:31:35 -0700
Subject: [PATCH 1/2] ignore CVE in upstream golang CLI
---
 .grype.yml | 3 +++
 analytics/Makefile | 1 +
 2 files changed, 4 insertions(+)
diff --git a/.grype.yml b/.grype.yml
index 917b19b09..0d2aad70d 100644
--- a/.grype.yml
+++ b/.grype.yml
@@ -18,3 +18,6 @@ ignore:
 - fix-state: not-fixed
 - fix-state: wont-fix
 - fix-state: unknown
+
+ # https://github.com/HHS/simpler-grants-gov/issues/2582
+ - vulnerability: CVE-2024-34158
diff --git a/analytics/Makefile b/analytics/Makefile
index 34fff47be..1b22a9452 100644
--- a/analytics/Makefile
+++ b/analytics/Makefile
@@ -200,3 +200,4 @@ percent-complete:
 sprint-reports: sprint-burndown percent-complete
 sprint-reports-with-latest-data: gh-data-export sprint-reports
+
From 3035b0768243c8611153356651ee4faa668d0bd6 Mon Sep 17 00:00:00 2001
From: Kai Siren
Date: Mon, 28 Oct 2024 09:43:16 -0700
Subject: [PATCH 2/2] ignore related vulns
---
 .grype.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.grype.yml b/.grype.yml
index 0d2aad70d..5f44af0d0 100644
--- a/.grype.yml
+++ b/.grype.yml
@@ -21,3 +21,5 @@ ignore:

 # https://github.com/HHS/simpler-grants-gov/issues/2582
 - vulnerability: CVE-2024-34158
+ - vulnerability: CVE-2024-34156
+ - vulnerability: CVE-2024-34155
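Review bot: The rule `- vulnerability: CVE-2024-34158` added to `.grype.yml` in PATCH 1/2 has no package matcher, so grype will drop this CVE for every artifact scanned with this config, not only for the upstream golang CLI named in the commit title. The two entries added in PATCH 2/2 (CVE-2024-34156, CVE-2024-34155) have the same shape. Grype ignore rules accept a `package` block, so each entry can be narrowed to the one binary, for example `package: { type: go-module, location: "<path-to-upstream-cli-binary>" }` (placeholder path; confirm the package type and location from the scan output). That keeps the scan meaningful if the same CVE later appears in a Go binary the project builds itself.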
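Review bot: The two entries added to `.grype.yml` in PATCH 2/2 sit under the issue link but nothing records why these CVEs are acceptable or when the suppression should be lifted. The list's existing rules already ignore `fix-state: not-fixed`, `wont-fix` and `unknown`, so these explicit entries were presumably needed because grype reports a fix as available; that makes them a temporary exception rather than a permanent one. I would extend the comment above the group to something like `# Upstream golang CLI binary, not reachable from our code; remove these three entries once the upstream release is rebuilt on a patched Go toolchain`, adjusting the reachability statement to whatever the linked issue actually concluded.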