From eb152172432d1532720d5bf391795669ea411da8 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio <ozz@stacklok.com>
Date: Thu, 10 Oct 2024 10:10:35 +0300
Subject: [PATCH] Add `CVE-2024-47534` to trivyignore file (#4712)

We're not vulnerable.

Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
---
 .trivyignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.trivyignore b/.trivyignore
index bcc8029163..5dc4f55610 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,2 +1,5 @@
 # We don't use the affected constructs and thus are not vulnerable.
 CVE-2024-42473
+# We actually use go-tuf v2. v0.7.0 (which is vulnerable) is merely
+# a transitive dependency and we're not affected by the CVE.
+CVE-2024-47534