mastodon/.bundler-audit.yml

---
ignore:
  # devise-two-factor advisory about brute-forcing TOTP
  # We have rate-limits on authentication endpoints in place (including second
  # factor verification) since Mastodon v3.2.0
  - CVE-2024-0227
  # devise-two-factor advisory about generated secrets being weaker than expected
  # We call `generate_otp_secret` ourselves with a requested length of 32 characters,
  # which exceeds the recommended remediation of 26 characters, so we're safe
  - CVE-2024-8796
Ignore the devise-two-factor advisory as we have rate limits in place (#28733) 2024-01-15 19:45:48 +09:00			`---`
			`ignore:`
			`# devise-two-factor advisory about brute-forcing TOTP`
			`# We have rate-limits on authentication endpoints in place (including second`
			`# factor verification) since Mastodon v3.2.0`
			`- CVE-2024-0227`
Ignore CVE-2024-8796, which does not impact us 2024-09-27 21:31:00 +09:00			`# devise-two-factor advisory about generated secrets being weaker than expected`
			# We call `generate_otp_secret` ourselves with a requested length of 32 characters,
			`# which exceeds the recommended remediation of 26 characters, so we're safe`
			`- CVE-2024-8796`