From 7423bcb097c7ef60e1aafd01e0b2ef7c70f10eca Mon Sep 17 00:00:00 2001
From: Harvey Tuch
Date: Sat, 5 Dec 2020 18:25:52 -0500
Subject: [PATCH] dependencies: allowlist CVE-2018-21270 to prevent false positives. This does not relate to http-parser.
Signed-off-by: Harvey Tuch
---
 tools/dependency/cve_scan.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
index bf4570970d264..6496c8b7f561e 100755
--- a/tools/dependency/cve_scan.py
+++ b/tools/dependency/cve_scan.py
@@ -39,6 +39,9 @@
 'CVE-2020-8277',
 # gRPC issue that only affects Javascript bindings.
 'CVE-2020-7768',
+ # Node.js issue unrelated to http-parser, see
+ # https://github.com/mhart/StringStream/issues/7.
+ 'CVE-2018-21270',
 ])

 # Subset of CVE fields that are useful below.
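Review bot: The comment added above `'CVE-2018-21270'` justifies the suppression only through an external link, so the entry cannot be re-audited if that issue page goes away. It should name the package the CVE concerns (StringStream, going by the linked issue) and say that the match against http-parser is the false positive, e.g. `# StringStream (Node.js) issue, falsely matched against http-parser, see`. The set literal opens above the hunk and its use is not visible here. The ignore presumably applies to every scanned dependency rather than only to http-parser, so it would also hide a genuine match if an affected package were added later. If that is the case, scope the ignore per dependency or state the global effect in the comment.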