From 726b6e69f7f4184cca16571a6892580fc8f0a740 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Tue, 8 Nov 2022 10:40:15 +1000
Subject: [PATCH] Skip acceptable vuln

---
 Jenkinsfile | 2 +-
 backend/.nancy-ignore | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index 0f335d2b..421817eb 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -207,7 +207,7 @@ pipeline {
 }
 post {
 always {
- sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30'
+ sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30 || true'
 sh './scripts/ci/build-cleanup'
 echo 'Reverting ownership'
 sh 'docker run --rm -v $(pwd):/data jc21/gotools:latest chown -R "$(id -u):$(id -g)" /data'
diff --git a/backend/.nancy-ignore b/backend/.nancy-ignore
index 5736e87a..dd8beafd 100644
--- a/backend/.nancy-ignore
+++ b/backend/.nancy-ignore
@@ -1,22 +1,37 @@
 # If you need to ignore any of nancy's warnings add them
+
 # here with a reference to the package/version that
+
 # triggers them and rational for ignoring it.
 # pkg:golang/github.com/coreos/etcd@3.3.10
+
 # etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation
+
 CVE-2020-15115
 # pkg:golang/github.com/coreos/etcd@3.3.10
+
 # In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records
+
 CVE-2020-15136
 # pkg:golang/github.com/coreos/etcd@3.3.10
+
 # In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access
+
 CVE-2020-15114
 # pkg:golang/github.com/gorilla/websocket@1.4.0
+
 # Integer Overflow or Wraparound
+
 CWE-190
 # jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrict...
+
 CVE-2020-26160
+
+# https://ossindex.sonatype.org/vulnerability/sonatype-2021-1485
+
+sonatype-2021-1485
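Review bot: The `|| true` appended to the docker-compose down step in the always block turns every teardown failure — including containers, networks or volumes that could not be removed — into a silent success, so a stale test stack can survive between builds without the job ever reporting it. If the intent is only to let the remaining cleanup steps run when there is nothing left to tear down, record the failure instead of discarding it, e.g. `sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30 || echo "WARNING: docker-compose down failed, continuing cleanup"'`, or call `sh` with `returnStatus: true` and log a non-zero code. The `post { always { ... } }` block this line belongs to continues past the end of the hunk.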
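Review bot: The new `sonatype-2021-1485` entry at the end of the hunk records only a URL, while the header of this same file asks every ignore to name the package/version that triggers it and the reason it is acceptable; the commit message ("Skip acceptable vuln") does not supply that reasoning either, so a later maintainer cannot tell which dependency is affected or when the suppression can be lifted. Suggest a comment above the identifier in the style of the existing entries, such as `# pkg:golang/<module>@<version> — <why this finding does not apply to this deployment>` with the placeholders filled in from the nancy report. Because nothing here expires, consider also the `until=YYYY-MM-DD` suffix nancy accepts on ignore lines (if I recall its syntax correctly) so the suppression is revisited rather than forgotten. The hunk also appears to add a blank line after almost every existing line, which looks like a formatting or line-ending artefact rather than an intended change and is worth confirming before merge.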