.snyk
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.13.5
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
  SNYK-PYTHON-BEAKER-575115:
    - '*':
        reason: >-
          No remediation available yet; not affecting us since the storage is not accessible to any other client
        expires: 2021-01-10T06:00:00.000Z
  SNYK-PYTHON-SQLALCHEMY-173678:
    - '*':
        reason: >-
          No remediation path available for CKAN2.3 (not compatible with Alchemy > 1.x). Need to resolve moving to
          CKAN2.8 for inventory (https://github.com/GSA/datagov-deploy/issues/993). Reviewed group_by and order_by
          usage manually, all user input sanitized.
        expires: 2020-11-14T06:00:00.000Z
  SNYK-PYTHON-SQLALCHEMY-590109:
    - '*':
        reason: >-
          No remediation path available for CKAN2.3 (not compatible with SQLALCHEMY > 2.7.x). Need to resolve moving to
          CKAN2.8 for catalog (https://github.com/GSA/datagov-ckan-multi/issues/298). Reviewed group_by and order_by
          usage manually, all user input sanitized.
        expires: 2020-11-27T06:00:00.000Z
  SNYK-PYTHON-PYYAML-590151:
    - '*':
        reason: >-
          There is no fix for PyYAML at this time. Currently, all uses of pyyaml call the safe_load or safe_load_all functions.
        expires: 2020-11-27T06:00:00.000Z
  SNYK-PYTHON-IPADDRESS-590065:
    - '*':
        reason: >-
          Fix not available. No known usage of this library inside the CKAN app or its extensions.
        expires: 2020-12-16T06:00:00.000Z
  SNYK-PYTHON-PIP-609855:
    - '*':
        reason: >-
          Defunct issue, installed pip is 20.0.2 (confirmed locally and on server systems). Not actually an issue.
        expires: 2021-03-01T06:00:00.000Z
  SNYK-PYTHON-SOLRPY-598893:
    - '*':
        reason: >-
          No remediation path available, and eval function is not used. Upstream uses pysolr, which will resolve the issue.
        expires: 2020-11-17T06:00:00.000Z
patch: {}
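Every ignore above is time-boxed by its `expires` field: once that date passes, Snyk stops honouring the ignore and the issue reappears in `snyk test`, so the dates need periodic review rather than being left to lapse. The script below is an added example, not part of this project or of Snyk's tooling. It parses the `ignore:` section of a `.snyk` file with a small purpose-built parser that handles only the YAML subset Snyk itself writes (vulnerability ID, a `- '<path>':` item, a plain or `>-` folded `reason`, and `expires`), then splits the entries into expired and still-active as of an assumed audit date. `SAMPLE_POLICY` is the policy from this page with most reasons abbreviated; the audit date of 2020-12-01 is an assumption chosen to show both outcomes.

```python
"""Audit a Snyk .snyk policy for ignore entries whose expiry has passed.

Added example (not Snyk's or the project's code). The parser covers only the
YAML subset Snyk writes into `ignore:`; it is not a general YAML parser.
"""
from datetime import datetime, timezone

# Taken from the .snyk file above; reasons abbreviated except the first,
# which is kept in full to exercise the folded (>-) scalar.
SAMPLE_POLICY = """\
version: v1.13.5
ignore:
  SNYK-PYTHON-BEAKER-575115:
    - '*':
        reason: >-
          No remediation available yet; not affecting us since the storage is
          not accessible to any other client
        expires: 2021-01-10T06:00:00.000Z
  SNYK-PYTHON-SQLALCHEMY-173678:
    - '*':
        reason: No remediation path available for CKAN2.3
        expires: 2020-11-14T06:00:00.000Z
  SNYK-PYTHON-SQLALCHEMY-590109:
    - '*':
        reason: No remediation path available for CKAN2.3
        expires: 2020-11-27T06:00:00.000Z
  SNYK-PYTHON-PYYAML-590151:
    - '*':
        reason: Only safe_load / safe_load_all are used
        expires: 2020-11-27T06:00:00.000Z
  SNYK-PYTHON-IPADDRESS-590065:
    - '*':
        reason: No known usage inside CKAN or its extensions
        expires: 2020-12-16T06:00:00.000Z
  SNYK-PYTHON-PIP-609855:
    - '*':
        reason: Defunct issue, installed pip is 20.0.2
        expires: 2021-03-01T06:00:00.000Z
  SNYK-PYTHON-SOLRPY-598893:
    - '*':
        reason: eval function is not used
        expires: 2020-11-17T06:00:00.000Z
patch: {}
"""


def parse_ignores(policy_text):
    """Return {vuln_id: [{'path', 'reason', 'expires'}, ...]} from the ignore: section."""
    ignores, entries, entry = {}, None, None
    in_ignore, block, block_indent, block_sep = False, None, 0, ' '

    def flush():
        nonlocal block
        if block is not None and entry is not None:
            entry['reason'] = block_sep.join(block)   # >- folds lines with spaces, | keeps newlines
        block = None

    for raw in policy_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue
        indent = len(raw) - len(raw.lstrip(' '))
        line = raw.strip()
        if block is not None:                       # inside a block scalar?
            if indent >= block_indent:
                block.append(line)
                continue
            flush()
        if indent == 0:                             # top-level key: only ignore: matters
            in_ignore = line == 'ignore:'
            continue
        if not in_ignore:
            continue
        if line.startswith('- '):                   # list item: the ignored dependency path ('*' = any)
            entry = {'path': line[2:].rstrip(':').strip('\'"'), 'reason': '', 'expires': None}
            entries.append(entry)
        elif indent == 2 and line.endswith(':'):    # vulnerability ID
            entries = ignores.setdefault(line[:-1], [])
        elif line.startswith('reason:'):
            value = line[len('reason:'):].strip()
            if value in ('>', '>-', '|', '|-'):
                block, block_indent = [], indent + 1
                block_sep = ' ' if value.startswith('>') else '\n'
            else:
                entry['reason'] = value.strip('\'"')
        elif line.startswith('expires:'):
            entry['expires'] = line[len('expires:'):].strip().strip('\'"')
    flush()
    return ignores


def parse_expiry(stamp):
    """Snyk writes ISO 8601 UTC with a trailing Z, which fromisoformat rejects before Python 3.11."""
    if stamp.endswith('Z'):
        stamp = stamp[:-1] + '+00:00'
    when = datetime.fromisoformat(stamp)
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def audit_ignores(policy_text, now):
    """Split ignores into (expired, active) lists of (vuln_id, path, expiry date), oldest first."""
    expired, active = [], []
    for vuln_id, items in parse_ignores(policy_text).items():
        for item in items:
            if item['expires'] is None:            # no expiry: permanent ignore, never lapses
                active.append((vuln_id, item['path'], None))
                continue
            when = parse_expiry(item['expires'])
            record = (vuln_id, item['path'], when.date().isoformat())
            (expired if when <= now else active).append(record)
    expired.sort(key=lambda r: r[2])
    active.sort(key=lambda r: r[2] or '')
    return expired, active


if __name__ == '__main__':
    cutoff = datetime(2020, 12, 1, tzinfo=timezone.utc)   # assumed audit date
    expired, active = audit_ignores(SAMPLE_POLICY, cutoff)
    for vuln_id, path, when in expired:
        print(f'EXPIRED {when}  {vuln_id}  path={path}')
    for vuln_id, path, when in active:
        print(f'active  {when}  {vuln_id}  path={path}')
```

Run against the real file and today's date in CI to fail the build when an ignore has lapsed without a recorded re-review; the `reason` text is carried through so the job can print the original justification next to each expired entry. Permanent ignores (no `expires`) are reported as active here, which is also worth flagging separately in practice.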