-
Notifications
You must be signed in to change notification settings - Fork 366
/
Copy pathosv-scanner.toml
25 lines (21 loc) · 1015 Bytes
/
osv-scanner.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# See repository root `osv-scanner.toml` for instructions and rules for this file.
# PostCSS line return parsing error
[[IgnoredVulns]]
id = "CVE-2023-44270" # GHSA-7fh5-64p2-3v2j
ignoreUntil = 2025-03-05
reason = "This project does not use PostCSS to parse untrusted CSS"
# braces: Uncontrolled resource consumption
[[IgnoredVulns]]
id = "CVE-2024-4068" # GHSA-grv7-fg5c-xmjg
ignoreUntil = 2025-03-05
reason = "This package is only used to match paths from either us or trusted libraries"
# micromatch (dev): Regular Expression Denial of Service (ReDoS) in micromatch
[[IgnoredVulns]]
id = "CVE-2024-4067" # GHSA-952p-6rrq-rcjv
ignoreUntil = 2025-02-23
reason = "This is just a dev dependency, and we don't have untrusted input to micromatch there"
# node-gettext: Prototype Pullution via the addTranslations function
[[IgnoredVulns]]
id = "CVE-2024-21528" # GHSA-g974-hxvm-x689
ignoreUntil = 2025-04-17
reason = "There is no fix yet and we don't send untrusted input to the first argument of addTranslations"