Merge branch 'extend-vulnerability-ignores'

mullvad · Dec 5, 2024 · 5b6974b · 5b6974b
2 parents 4f02031 + a703a20
commit 5b6974b
Showing 1 changed file with 2 additions and 8 deletions.
diff --git a/desktop/osv-scanner.toml b/desktop/osv-scanner.toml
@@ -1,21 +1,15 @@
 # See repository root `osv-scanner.toml` for instructions and rules for this file.
 
-# yargs-parser Vulnerable to Prototype Pollution
-[[IgnoredVulns]]
-id = "CVE-2020-7608" # GHSA-p9pc-299p-vxgp
-ignoreUntil = 2024-12-05
-reason = "This package is only used to parse commands run by either us or trusted libraries"
-
 # PostCSS line return parsing error
 [[IgnoredVulns]]
 id = "CVE-2023-44270" # GHSA-7fh5-64p2-3v2j
-ignoreUntil = 2024-12-05
+ignoreUntil = 2025-03-05
 reason = "This project does not use PostCSS to parse untrusted CSS"
 
 # braces: Uncontrolled resource consumption
 [[IgnoredVulns]]
 id = "CVE-2024-4068" # GHSA-grv7-fg5c-xmjg
-ignoreUntil = 2024-12-05
+ignoreUntil = 2025-03-05
 reason = "This package is only used to match paths from either us or trusted libraries"
 
 # micromatch (dev): Regular Expression Denial of Service (ReDoS) in micromatch