From 660362b3e5ff59158260803132ee20c80b2d4f27 Mon Sep 17 00:00:00 2001
From: Eric Fried <efried@redhat.com>
Date: Thu, 5 Sep 2024 10:55:12 -0500
Subject: [PATCH] Snyk: Ignore azidentity

Ignore https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMAZUREAZURESDKFORGOSDKAZIDENTITY-7246767

This is a Moderate CVE, fixed in mce-2.6 and later, thus deemed
acceptable to disregard since it would be difficult to resolve.

HIVE-2532
---
 .snyk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.snyk b/.snyk
index 223fceea557..1573f31d6d2 100644
--- a/.snyk
+++ b/.snyk
@@ -6,3 +6,7 @@ exclude:
     - vendor/**
     - apis/vendor/**
     - "**/*_test.go"
+ignore:
+  'SNYK-GOLANG-GITHUBCOMAZUREAZURESDKFORGOSDKAZIDENTITY-7246767':
+  - '* > github.com/Azure/azure-sdk-for-go/sdk/azidentity':
+    reason: 'Updated azidentity lib incompatible with vendored installer code; and revendoring is hard here; and this is fixed in mce-2.6 and later, which is acceptable for a Moderate issue.'