From 958f14435e543f5116bd740ef67fce04c2fa9e62 Mon Sep 17 00:00:00 2001
From: Elim Tsiagbey
Date: Wed, 29 Jan 2025 12:20:49 -0500
Subject: [PATCH] ci(security-scanner): Suppress GO-2025-3408 (#5493)
* ci(security-scanner): Suppress GO-2025-3408 There is currently not a fix for GO-2025-3408. Adding the vulnerability to the suppress list for now The issue to address the vulnerability is currently open: https://github.com/hashicorp/yamux/issues/142
---
 .release/security-scan.hcl | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 981e3b7605..87e61bbf5e 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -23,4 +23,14 @@ binary {
 osv = true
 oss_index = true
 nvd = true
+
+ # Triage items that are _safe_ to ignore here. Note that this list should be
+ # periodically cleaned up to remove items that are no longer found by the scanner.
+ triage {
+ suppress {
+ vulnerabilities = [
+ "GO-2025-3408", # yamux@v0.1.1
+ ]
+ }
+ }
 }
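Review bot: The new `suppress` entry records neither why GO-2025-3408 is acceptable nor when it should be revisited. The header comment calls these items _safe_ to ignore, but the commit message only says that no fix exists yet, which is a weaker claim. I would keep the tracking issue next to the ID, e.g. `"GO-2025-3408", # yamux@v0.1.1, no upstream fix yet; remove once https://github.com/hashicorp/yamux/issues/142 is resolved`, and reword the header to something like `# Triage items that are safe to ignore or have no fix available yet.` The suppression sits only in the `binary` block, which starts outside this hunk, so it is not visible here whether other scan targets in the file would still report the same ID.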