build: ignore testng vulnerability false positive

padamstx · padamstx · commit 80824d049853 · 2023-01-04T14:38:50.000-05:00
Signed-off-by: Phil Adams &lt;phil_adams@us.ibm.com&gt;
diff --git a/.cra/.cveignore b/.cra/.cveignore
@@ -1,2 +1,7 @@
 [
+    {
+        "cve": "SNYK-JAVA-ORGTESTNG-3040285",
+        "alwaysOmit": true,
+        "comment": "The 'Zip Slip' vulnerability does not apply to this project because we merely use TestNG to execute testcases during our maven build, and we do not deliver a jar containing test classes."
+    }
 ]

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,7 @@`
`1`	`1`	`[`
	`2`	`+ {`
	`3`	`+ "cve": "SNYK-JAVA-ORGTESTNG-3040285",`
	`4`	`+ "alwaysOmit": true,`
	`5`	`+ "comment": "The 'Zip Slip' vulnerability does not apply to this project because we merely use TestNG to execute testcases during our maven build, and we do not deliver a jar containing test classes."`
	`6`	`+ }`
`2`	`7`	`]`