chore(security): ignore newly reported base CVEs

miragecentury · miragecentury · commit 03ebc653812d · 2026-04-25T17:16:03.000+02:00
Track newly reported Go/base vulnerabilities in .trivyignore with expiration
while waiting for upstream runner and bundled binaries to be refreshed.

Made-with: Cursor
diff --git a/.trivyignore b/.trivyignore
@@ -66,3 +66,7 @@ CVE-2026-34040 exp:2026-08-19
 CVE-2026-33747 exp:2026-08-19
 CVE-2026-33748 exp:2026-08-19
 CVE-2025-15558 exp:2026-08-19
+CVE-2026-32281 exp:2026-08-19
+CVE-2026-32283 exp:2026-08-19
+CVE-2026-33810 exp:2026-08-19
+CVE-2026-35469 exp:2026-08-19
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,8 @@
 
 ### Fixed
 
+* **security:** add temporary ignores for newly reported Go/base CVEs (`CVE-2026-32281`, `CVE-2026-32283`, `CVE-2026-33810`, `CVE-2026-35469`) with reevaluation expiry
+
 ## [1.2.1](https://github.com/DeerHide/python-github-runner/compare/v1.2.0...v1.2.1) (2026-04-25)
 
 ### Added
