From e786ff801e3f35310f0b514205261407eac62fc1 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw Date: Thu, 28 Jul 2022 13:28:19 -0400 Subject: [PATCH] chore: ignore CVE-2022-0624 - not exploitable in Argo CD (#10128) Signed-off-by: CI --- .snyk | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.snyk b/.snyk index 61286b6338..1f49cbe7b8 100644 --- a/.snyk +++ b/.snyk @@ -28,5 +28,13 @@ ignore: - '*': reason: >- Code is only run client-side. No risk of arbitrary file upload. + SNYK-JS-PARSEPATH-2936439: + - '*': + reason: >- + The issue is that, for specific URLs, parse-path may incorrectly identify the "resource" (domain name) + portion. For example, in "http://127.0.0.1#@example.com", it identifies "example.com" as the "resource". + + We use parse-path on the client side, but permissions for git URLs are checked server-side. This is a + potential usability issue, but it is not a security issue. patch: {}
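Review bot: The new `SNYK-JS-PARSEPATH-2936439` entry ignores the finding on every dependency path (`'*'`) and sets no expiry, so the justification in the reason text ("We use parse-path on the client side, but permissions for git URLs are checked server-side") is never re-evaluated. If parse-path later arrives through another dependency path, or its "resource" output starts feeding a security decision, the scanner will stay silent. Consider adding an `expires:` date to the entry so the ignore comes up for review. Also name CVE-2022-0624 in the reason, since the commit subject refers to the CVE while the policy file carries only the Snyk ID.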