suppress CVE-2026-25646: fixed image not yet available

swibi-ttd · swibi-ttd · commit 32a7843cd3e3 · 2026-03-02T16:27:45.000+11:00
diff --git a/.trivyignore b/.trivyignore
@@ -14,4 +14,7 @@ CVE-2026-1584 exp:2026-08-27
 
 # jackson-core async parser DoS - not exploitable, services only use synchronous ObjectMapper API
 # See: UID2-6670
-GHSA-72hv-8253-57qq exp:2026-09-01
+GHSA-72hv-8253-57qq exp:2026-09-01
+
+# libpng heap buffer overflow in Alpine base image - fixed version not yet available in Alpine 3.23
+CVE-2026-25646 exp:2026-09-02
