Merge branch 'main' into dependabot/pip/pip-licenses-5.5.1

anthony-nhs · web-flow · commit c16a84992394 · 2026-02-02T19:50:41.000Z
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
@@ -4,3 +4,6 @@ vulnerabilities:
       - "package-lock.json"
     statement: downstream dependency for tar - waiting for new npm release
     expired_at: 2026-06-01
+  - id: CVE-2026-25128
+    statement: fast-xml-parser vulnerability accepted as risk - dependency of aws-sdk/client-dynamodb
+    expired_at: 2026-03-01
