chore: ignore semver vuln since snyk advisory has not been updated ye…

…t with the new backported patches (#557)
mongodb-js · Jul 12, 2023 · 5f0e8ee · 5f0e8ee
1 parent 82fddb0
commit 5f0e8ee
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/.prettierignore b/.prettierignore
@@ -13,3 +13,4 @@ syntaxes
 CHANGELOG.md
 README.md
 constants.json
+.sbom
diff --git a/.snyk b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-JS-SEMVER-3247795:
+    - '*':
+        reason: "Security patches released for semver 5.x (5.7.2) and 6.x (6.3.1) are not yet known to Snyk which is why we would like to ignore this vulnerability until the mentioned expiry."
+        expires: 2023-08-11T09:00:55.553Z
+        created: 2023-07-12T09:00:55.557Z
+patch: {}