mastodon/.bundler-audit.yml

10 lines
476 B
YAML

---
ignore:
# devise-two-factor advisory about brute-forcing TOTP
# We have rate-limits on authentication endpoints in place (including second
# factor verification) since Mastodon v3.2.0
- CVE-2024-0227
# devise-two-factor advisory about generated secrets being weaker than expected
# We call `generate_otp_secret` ourselves with a requested length of 32 characters,
# which exceeds the recommended remediation of 26 characters, so we're safe
- CVE-2024-8796