From 3cc87514307034eb9886c7c2297fcd464266371c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=A0pa=C4=8Dek?=
Date: Tue, 17 Dec 2024 12:20:23 +0100
Subject: [PATCH] Ignore bogus nette/database GHSA/CVE

Ignore https://github.com/advisories/GHSA-f626-677r-j5vq which is, per https://github.com/nette/database/issues/314, a documented and intended feature. The PoC repo and the article from the GHSA are now gone and the CVE itself (CVE-2024-55586) is disputed.
---
 .../AdvisorySources/GetAdvisoriesFromGithubApi.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Roave/SecurityAdvisories/AdvisorySources/GetAdvisoriesFromGithubApi.php b/src/Roave/SecurityAdvisories/AdvisorySources/GetAdvisoriesFromGithubApi.php
index 1147b97d..ff11361d 100644
--- a/src/Roave/SecurityAdvisories/AdvisorySources/GetAdvisoriesFromGithubApi.php
+++ b/src/Roave/SecurityAdvisories/AdvisorySources/GetAdvisoriesFromGithubApi.php
@@ -44,6 +44,7 @@ final class GetAdvisoriesFromGithubApi implements GetAdvisories
 'GHSA-cg28-v4wq-whv5', // @see https://phpc.social/@wouterj/113588554019692959
 // @see https://github.com/github/advisory-database/pull/5047, advisory is for the tarball version only
 'GHSA-j5g2-q29x-cw3h',
+ 'GHSA-f626-677r-j5vq', // @see https://github.com/nette/database/issues/314
 ];
 
 private const GRAPHQL_QUERY = 'query { securityVulnerabilities(ecosystem: COMPOSER, first: 100 %s) {
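Review bot: The comment on the added 'GHSA-f626-677r-j5vq' entry carries only the issue link, while the reason for suppressing the advisory (vendor says intended/documented behaviour, CVE-2024-55586 disputed, PoC and write-up gone) lives solely in the commit message; the sibling entry for GHSA-j5g2-q29x-cw3h records its reason inline, and this one should too. Suppressing an advisory in this source means downstream consumers of the aggregated conflict list stop being held back from the affected nette/database releases, so the rationale and the CVE id belong next to the code where the next maintainer will see them: `'GHSA-f626-677r-j5vq', // @see https://github.com/nette/database/issues/314, vendor: documented/intended feature; CVE-2024-55586 is disputed`. It would also help to note what would retire the entry (the GHSA being withdrawn or the dispute resolved), as the previous entry does by pointing at a github/advisory-database PR; the justification here appears to rest on the vendor's own assessment of its package, which is worth saying explicitly. The constant holding this list opens before the hunk and the class continues after it.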