[tmp] Revert "Add vulnerability ignore rules"

corneliusludmann · corneliusludmann · commit 8fe8e9e8759c · 2025-05-08T09:39:41.000Z
This reverts commit d7bd126.
diff --git a/WORKSPACE.yaml b/WORKSPACE.yaml
@@ -33,18 +33,6 @@ provenance:
   slsa: true
 sbom:
   enabled: true
-  ignoreVulnerabilities:
-    - vulnerability: GHSA-fx4w-v43j-vc45
-      reason: |
-        This vulnerability in TypeORM's findOne / findOneOrFail functions can improperly interpret a crafted JSON object
-        and concatenate it into raw SQL, potentially allowing SQL injection attacks.
-
-        In Gitpod’s usage, TypeORM is not exposed to arbitrary user input. For example, DB migrations run preset queries;
-        the server/bridge code does not hand raw JSON from external sources to findOne. Therefore, there is no path for
-        injecting malicious JSON into a query, rendering the vulnerability non-exploitable.
-    - vulnerability: GHSA-2jcg-qqmg-46q6
-      reason: |
-        This is a false positive. See https://github.com/browserify/resolve/issues/303
 environmentManifest:
   - name: "go"
     command: ["sh", "-c", "go version | sed s/arm/amd/"]
