.grype.yaml

---
ignore:
  # These vulnerabilities are disputed or awaiting analysis by the NumPy, Scikit-learn, or Python communities
  - vulnerability: CVE-2020-13092
  - vulnerability: CVE-2021-41495
  - vulnerability: CVE-2021-41496
  - vulnerability: CVE-2015-20107

  # These vulnerabilities pertain to the Docker engine (or proprietary distributions), but only the Python client is included in the images
  - vulnerability: CVE-2017-7297
  - vulnerability: CVE-2019-13139
  - vulnerability: CVE-2019-13509
  - vulnerability: CVE-2019-16884
  - vulnerability: CVE-2019-5736

# This vulnerability is fixed in JupyterLab 3.2.0, but was still flagged after we moved to that version
  - vulnerability: CVE-2021-32797

# These vulnerabilities are fixed in newer versions of TensorFlow, but not in 1.15 which is out of maintenance and no longer our default
  - vulnerability: GHSA-2r8p-fg3c-wcj4
  - vulnerability: GHSA-4xfp-4pfp-89wg
  - vulnerability: GHSA-5xwc-mrhx-5g3m
  - vulnerability: GHSA-6gv8-p3vj-pxvr
  - vulnerability: GHSA-6p5r-g9mq-ggh2
  - vulnerability: GHSA-7fvx-3jfc-2cpc
  - vulnerability: GHSA-8pmx-p244-g88h
  - vulnerability: GHSA-9c8h-vvrj-w2p8
  - vulnerability: GHSA-c5x2-p679-95wc
  - vulnerability: GHSA-c9qf-r67m-p7cg
  - vulnerability: GHSA-cgfm-62j4-v4rf
  - vulnerability: GHSA-cwv3-863g-39vx
  - vulnerability: GHSA-f5cx-5wr3-5qrc
  - vulnerability: GHSA-f8h4-7rgh-q2gm
  - vulnerability: GHSA-fcwc-p4fc-c5cc
  - vulnerability: GHSA-g25h-jr74-qp5j
  - vulnerability: GHSA-g8wg-cjwc-xhhp
  - vulnerability: GHSA-gh6x-4whr-2qv4
  - vulnerability: GHSA-h4pc-gx2w-f2xv
  - vulnerability: GHSA-hpv4-7p9c-mvfr
  - vulnerability: GHSA-hwr7-8gxx-fj5p
  - vulnerability: GHSA-jf7h-7m85-w2v2
  - vulnerability: GHSA-m7fm-4jfh-jrg6
  - vulnerability: GHSA-q3g3-h9r4-prrc
  - vulnerability: GHSA-qr82-2c78-4m8h
  - vulnerability: GHSA-r4c4-5fpq-56wg
  - vulnerability: GHSA-r6jx-9g48-2r5r
  - vulnerability: GHSA-v768-w7m9-2vmm
  - vulnerability: GHSA-v82p-hv3v-p6qp
  - vulnerability: GHSA-w4xf-2pqw-5mq7
  - vulnerability: GHSA-w74j-v8xh-3w5h
  - vulnerability: GHSA-wp77-4gmm-7cq8
  - vulnerability: GHSA-374m-jm66-3vj8
  - vulnerability: GHSA-3rcw-9p9x-582v
  - vulnerability: GHSA-49rx-x2rw-pc6f
  - vulnerability: GHSA-4f99-p9c2-3j8x
  - vulnerability: GHSA-57wx-m983-2f88
  - vulnerability: GHSA-7pxj-m4jf-r6h2
  - vulnerability: GHSA-cqv6-3phm-hcwx
  - vulnerability: GHSA-f54p-f6jp-4rhr
  - vulnerability: GHSA-fr77-rrx3-cp7g
  - vulnerability: GHSA-j86v-p27c-73fm
  - vulnerability: GHSA-m342-ff57-4jcc
  - vulnerability: GHSA-pgcq-h79j-2f69
  - vulnerability: GHSA-rg3m-hqc5-344v
  - vulnerability: GHSA-vwhq-49r4-gj9v

# These vulnerabilities are fixed in newer versions of TensorFlow, but not in 2.4 which is out of maintenance and no longer our default
  - vulnerability: GHSA-8jj7-5vxc-pg2q
  - vulnerability: GHSA-98p5-x8x4-c9m5
  - vulnerability: GHSA-9c78-vcq7-7vxq
  - vulnerability: GHSA-9gwq-6cwj-47h3
  - vulnerability: GHSA-c6fh-56w7-fvjw
  - vulnerability: GHSA-h6gw-r52c-724r
  - vulnerability: GHSA-pfjj-m3jj-9jc9
  - vulnerability: GHSA-q85f-69q7-55h2
  - vulnerability: GHSA-qx3f-p745-w4hr
  - vulnerability: GHSA-vjg4-v33c-ggc4
  - vulnerability: GHSA-wc4g-r73w-x8mm
  - vulnerability: GHSA-23hm-7w47-xw72
  - vulnerability: GHSA-247x-2f9f-5wp7
  - vulnerability: GHSA-24x4-6qmh-88qg
  - vulnerability: GHSA-43q8-3fv7-pr5x
  - vulnerability: GHSA-44qp-9wwf-734r
  - vulnerability: GHSA-4hvf-hxvg-f67v
  - vulnerability: GHSA-5qw5-89mw-wcg2
  - vulnerability: GHSA-6gmv-pjp9-p8w8
  - vulnerability: GHSA-77gp-3h4r-6428

# These vulnerabilities are found in ROCm-specific tools and will not be addressed at this time
  - vulnerability: GHSA-47wv-vhj2-g66m
  - vulnerability: GHSA-8c5j-9r9f-c6w8
  - vulnerability: GHSA-53qw-q765-4fww
  - vulnerability: GHSA-v6rh-hp5x-86rv
  - vulnerability: GHSA-8vj2-vxx3-667w
  - vulnerability: GHSA-9j59-75qj-795w
  - vulnerability: GHSA-pw3c-h7wp-cvhx
  - vulnerability: GHSA-p5w8-wqhj-9hhf
  - vulnerability: GHSA-p737-p57g-4cpr