51 lines (51 loc) · 2.17 KB
.grype.yaml
scan-type: source
ignore:
  - vulnerability: CVE-2025-60876
    include-aliases: true
    reason: "Alpine base image package (apk): busybox - no npm fix available as of 2026-02-06 (moderate severity)"
  - vulnerability: GHSA-34x7-hfp2-rc4v
    include-aliases: true
    reason: >-
      tar 6.2.1/7.4.3 bundled inside npm in Node.js Docker image (node:22.22.0-alpine3.23) - not an application
      dependency, no npm fix available as of 2026-02-10
  - vulnerability: GHSA-r6q2-hw4h-h46w
    include-aliases: true
    reason: >-
      tar 6.2.1/7.4.3 bundled inside npm in Node.js Docker image (node:22.22.0-alpine3.23) - not an application
      dependency, no npm fix available as of 2026-02-10
  - vulnerability: GHSA-8qq5-rm4j-mr97
    include-aliases: true
    reason: >-
      tar 6.2.1/7.4.3 bundled inside npm in Node.js Docker image (node:22.22.0-alpine3.23) - not an application
      dependency, no npm fix available as of 2026-02-10
  - vulnerability: GHSA-3ppc-4f35-3m26
    include-aliases: true
    reason: >-
      Base image npm package: minimatch - bundled in Node.js base image, not fixable via application dependencies as of
      2026-02-23 (high severity)
  - vulnerability: GHSA-83g3-92jg-28cx
    include-aliases: true
    reason: >-
      Base image npm package: tar - bundled in Node.js base image, not fixable via application dependencies as of
      2026-02-23 (high severity)
  - vulnerability: GHSA-73rr-hh4g-fpgx
    include-aliases: true
    reason: >-
      Base image npm package: diff - bundled in Node.js base image, not fixable via application dependencies as of
      2026-02-23 (low severity)
  - vulnerability: CVE-2026-27171
    include-aliases: true
    reason: "Alpine base image package (apk): zlib - no npm fix available as of 2026-02-23 (moderate severity)"
  - vulnerability: GHSA-87r5-mp6g-5w5j
    include-aliases: true
    reason: "Unfixable npm transitive vulnerability: jsonpath (high severity) as of 2026-02-23"
  - vulnerability: GHSA-2g4f-4pwh-qvx6
    include-aliases: true
    reason: "Unfixable npm transitive vulnerability: unknown (unknown severity) as of 2026-02-23"
output:
  - table
  - json
search:
  scope: squashed
quiet: false
check-for-app-update: false