minder icon indicating copy to clipboard operation
minder copied to clipboard
verified publisher icon stacklok

The OSV evaluator should allow ignoring CVEs

Open jhrozek opened this issue 1 year ago • 1 comments

Some packages have CVEs that will never be fixed. This might mean that updates bumping that package as a dep would perpetually be marked as changes requested by minder.

We should extend the OSV evaluator to allow for ignoring CVEs.

jhrozek avatar Jul 24 '24 07:07 jhrozek

Will revisit once we refactor our OSV rule.

mesembria avatar Nov 19 '24 14:11 mesembria