fix(security): Ignore Go stdlib CVEs in oven/bun base image

Strehk · claude · Strehk · commit 1deb0ce55111 · 2026-02-16T11:08:30.000+01:00
Add CVE-2025-68121 (crypto/tls session resumption) and CVE-2025-61730 (TLS 1.3 handshake) to .trivyignore. These are Go stdlib vulnerabilities in the oven/bun Docker base image and are not exploitable in this Node.js/Bun application. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/.trivyignore b/.trivyignore
@@ -16,3 +16,5 @@ CVE-2025-68973
 # Go stdlib vulnerabilities from oven/bun base image - not exploitable in Node.js/Bun app
 CVE-2025-61726
 CVE-2025-61728
+CVE-2025-68121
+CVE-2025-61730
