Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1c8ae3ac53 | |||
| 44d96aef57 |
@@ -1,20 +0,0 @@
|
||||
{
|
||||
// Allowlist for inherited dev-dependency CVEs from @kinvolk/headlamp-plugin
|
||||
// CTO decision (PRI-854): these high-severity vulns are dev/build-time only,
|
||||
// trace to @kinvolk/headlamp-plugin transitive deps (Picomatch, Vite, lodash),
|
||||
// and do NOT ship in production plugin artifacts.
|
||||
"allowlist": [
|
||||
{
|
||||
"id": "GHSA-hhpm-516h-p3p6",
|
||||
"reason": "Picomatch ReDoS: devDependency only, does not ship in production plugin bundle"
|
||||
},
|
||||
{
|
||||
"id": "GHSA-36xf-7xpp-53w5",
|
||||
"reason": "Vite arbitrary file read: devDependency only, does not ship in production plugin bundle"
|
||||
},
|
||||
{
|
||||
"id": "GHSA-jf8v-p3pp-93qh",
|
||||
"reason": "lodash code injection via _.template: devDependency only, does not ship in production plugin bundle"
|
||||
}
|
||||
]
|
||||
}
|
||||
Generated
+2
-2
@@ -6233,7 +6233,7 @@ snapshots:
|
||||
material-react-table: 2.13.3(0078ddeddc9e779fa84c03996c1db10e)
|
||||
monaco-editor: 0.52.2
|
||||
msw: 2.4.9(typescript@5.6.2)
|
||||
msw-storybook-addon: 2.0.3(msw@2.4.9(typescript@5.6.3))
|
||||
msw-storybook-addon: 2.0.3(msw@2.4.9(typescript@5.6.2))
|
||||
notistack: 3.0.2(csstype@3.2.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
|
||||
path-browserify: 1.0.1
|
||||
prettier: 2.8.8
|
||||
@@ -10238,7 +10238,7 @@ snapshots:
|
||||
|
||||
ms@2.1.3: {}
|
||||
|
||||
msw-storybook-addon@2.0.3(msw@2.4.9(typescript@5.6.3)):
|
||||
msw-storybook-addon@2.0.3(msw@2.4.9(typescript@5.6.2)):
|
||||
dependencies:
|
||||
is-node-process: 1.2.0
|
||||
msw: 2.4.9(typescript@5.6.2)
|
||||
|
||||
Reference in New Issue
Block a user