update ignore

Author: anthony-nhs

README.md

@@ -225,10 +225,12 @@ You can generate a .trivyignore file for known vulnerabilities by either downloa
 
 If generated locally, then the output goes into .out/scan_results_docker.json
 
-Once you have the scan output, use the following to generate a .trivyignore
+Once you have the scan output, use the following to generate a new .trivyignore file called .trivyignore.new.yaml. Note this will overwrite the output file when run so it should point to a new file and the contents merged with existing .trivyignore file
+
+
 ```
 poetry run python \
   scripts/trivy_to_trivyignore.py \
   --input .out/scan_results_docker.json \
-  --output src/common/.trivyignore.yaml 
+  --output src/common/.trivyignore.new.yaml 
 ```

src/projects/fhir_facade_api/.trivyignore.yaml

@@ -65,3 +65,23 @@ vulnerabilities:
     purls:
       - "pkg:deb/ubuntu/firefox@147.0.3%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
     expired_at: 2026-08-13
+  - id: CVE-2022-25235
+    statement: "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-25236
+    statement: "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-26485
+    statement: "Mozilla: Use-after-free in XSLT parameter processing"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-26486
+    statement: "Mozilla: Use-after-free in WebGPU IPC Framework"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16