actions
/
toolkit
mirror of https://github.com/actions/toolkit
1
0
Fork 0
Code

Add parse-url to audit allow list

pull/1180/head
Francesco Renzi 2022-09-16 13:46:01 +00:00
parent e6257f1117
commit 0388e62759
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/audit-allow-list
View File

@ -54,6 +54,16 @@ const AUDIT_ALLOW_LIST = [
path: "lerna>@lerna/version>@lerna/conventional-commits>conventional-changelog-core>get-pkg-repo>meow>trim-newlines",
advisoryUrl: "https://www.npmjs.com/advisories/1753",
justification: "dependency of lerna (dev only); low severity"
},
{
path: "lerna>@lerna/version>@lerna/github-client>git-url-parse>git-up>parse-url",
advisoryUrl: "https://github.com/advisories/GHSA-j9fq-vwqv-2fm2",
justification: "dependency of lerna; moderate severity"
},
{
path: "lerna>@lerna/publish>@lerna/version>@lerna/github-client>git-url-parse>git-up>parse-url",
advisoryUrl: "https://github.com/advisories/GHSA-j9fq-vwqv-2fm2",
justification: "dependency of lerna; moderate severity"
}
]
@ -86,4 +96,4 @@ if (numVulnerabilities > 0) {
console.log(`Found ${numVulnerabilities} unrecognized vulnerabilit${pluralized} from \`npm audit\`:`)
console.log(JSON.stringify(remainingVulnerabilities, null, 2))
process.exit(1)
}
}