Jason Woltje 8fbb8a387e fix(ci): suppress Next.js bundled tar/minimatch CVEs in trivy scan ...

Add CVE-2026-26960 (tar) and CVE-2026-26996 (minimatch) to .trivyignore.
These are embedded in next/dist/compiled/ and cannot be fixed via pnpm
overrides — requires upstream Next.js release with updated bundles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-21 14:31:43 -06:00

2.2 KiB

Raw Blame History

View Raw