Skip to content

Commit 3a9abeb

Browse files
dinesh1patelgithub-actions[bot]
authored andcommitted
Auto-suppress CVEs
1 parent 12e3e9e commit 3a9abeb

1 file changed

Lines changed: 2 additions & 0 deletions

File tree

yarn-audit-known-issues

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,5 @@
1+
{"value":"lodash","children":{"ID":1115806,"Issue":"lodash vulnerable to Code Injection via `_.template` imports key names","URL":"https://github.com/advisories/GHSA-r5fr-rjxr-66jc","Severity":"high","Vulnerable Versions":">=4.0.0 <=4.17.23","Tree Versions":["4.17.23"],"Dependents":["ccd-case-activity-api@workspace:."]}}
2+
{"value":"lodash","children":{"ID":1115810,"Issue":"lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`","URL":"https://github.com/advisories/GHSA-f23m-r3pf-42rh","Severity":"moderate","Vulnerable Versions":"<=4.17.23","Tree Versions":["4.17.23"],"Dependents":["ccd-case-activity-api@workspace:."]}}
13
{"value":"lodash.clone","children":{"ID":"lodash.clone (deprecation)","Issue":"This package is deprecated. Use structuredClone instead.","Severity":"moderate","Vulnerable Versions":"4.5.0","Tree Versions":["4.5.0"],"Dependents":["ioredis@npm:3.2.2"]}}
24
{"value":"lodash.pick","children":{"ID":"lodash.pick (deprecation)","Issue":"This package is deprecated. Use destructuring assignment syntax instead.","Severity":"moderate","Vulnerable Versions":"3.1.0","Tree Versions":["3.1.0"],"Dependents":["ioredis@npm:3.2.2"]}}
35
{"value":"path-to-regexp","children":{"ID":1115573,"Issue":"path-to-regexp vulnerable to Denial of Service via sequential optional groups","URL":"https://github.com/advisories/GHSA-j3q9-mxjg-w52f","Severity":"high","Vulnerable Versions":">=8.0.0 <8.4.0","Tree Versions":["8.2.0"],"Dependents":["router@npm:2.2.0"]}}

0 commit comments

Comments
 (0)