Vulnerabilities not getting overridden: set-value:0.2.0

Open kvy1kor opened this issue 2 years ago • 5 comments

Hello Team,

I have written the resolutions for vulnerabilities and rule_violations inside my .ort.yml file as mentioned below.

But the override information is not working for vulnerabilities, and it's only taking rule_violations as input.

.ort.yml file

resolutions:
  vulnerabilities:
  - id: "GHSA-4jqc-8m5r-9rpr"
    reason: "INEFFECTIVE_VULNERABILITY"
    comment: "GHSA-4jqc-8m5r-9rpr is a false positive"
  rule_violations:
  - message: ".*NPM::konyvtar-js:1.5.1.*"
    reason: "CANT_FIX_EXCEPTION"
    comment: "A comment further explaining why the reason above is applicable."  

Component Used : set-value:0.2.0

Could someone look into it and provide feedback?

Thank You,

kvy1kor avatar Jul 18 '23 13:07 kvy1kor

Hello Team,

Could someone look into it and provide feedback?

Thank You, Kavya B S

kvy1kor avatar Jul 20 '23 04:07 kvy1kor

Hi @kvy1kor,

please understand that, despite this project being used in production by many commercial adopters, the maintainer team is a group of volunteers. As such we cannot always respond to issues within a few days only due to other day-job duties.

If you need commercial-grade support for ORT, there are a few companies that offer this by now. Feel free to reach out to me privately in case you're interested.

sschuberth avatar Jul 20 '23 06:07 sschuberth

Hello @sschuberth, Thank you very much for your response.

kvy1kor avatar Jul 20 '23 08:07 kvy1kor

@tsteenbe offered to try reproducing the issue.

sschuberth avatar Nov 19 '24 09:11 sschuberth

@tsteenbe offered to try reproducing the issue.

Do we have any update here @tsteenbe? Is the issue still reproducible with the latest ORT release @kvy1kor?

sschuberth avatar Apr 16 '25 14:04 sschuberth

Is this issue reproducible by anyone using ORT 66.0.1?

sschuberth avatar Aug 06 '25 14:08 sschuberth