version: 1
exceptions:
  - package: xlsx
    advisory: "GHSA-4r6h-8v6p-xvw6"
    severity: high
    reason: "Admin export only; switched to dynamic import to reduce exposure (CVE-2023-30533)"
    mitigation: "Load only on export; restrict export permissions and data scope"
    expires_on: "2026-04-05"
    owner: "security@your-domain"
  - package: xlsx
    advisory: "GHSA-5pgg-2g8v-p4x9"
    severity: high
    reason: "Admin export only; switched to dynamic import to reduce exposure (CVE-2024-22363)"
    mitigation: "Load only on export; restrict export permissions and data scope"
    expires_on: "2026-04-05"
    owner: "security@your-domain"