6a90cbd27b
- Resolve critical fast-xml-parser DoS and entity expansion vulnerabilities - Resolve high minimatch ReDoS vulnerabilities - Resolve moderate ajv ReDoS vulnerabilities - Rebuild dist with patched dependencies - Ignore GHSA-g9mf-h72j-4rw9 (undici fetch only calls GitHub API)
15 lines
No EOL
419 B
TOML
15 lines
No EOL
419 B
TOML
[[IgnoredVulns]]
|
|
id = "GHSA-h5c3-5r3r-rr8q"
|
|
reason = "Untrusted headers are not processed"
|
|
|
|
[[IgnoredVulns]]
|
|
id = "GHSA-rmvr-2pp2-xj38"
|
|
reason = "Untrusted headers are not processed"
|
|
|
|
[[IgnoredVulns]]
|
|
id = "GHSA-xx4v-prfh-6cgc"
|
|
reason = "Untrusted headers are not processed"
|
|
|
|
[[IgnoredVulns]]
|
|
id = "GHSA-g9mf-h72j-4rw9"
|
|
reason = "undici fetch() is only used to call GitHub API; exploitation requires a malicious server" |