-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathaudit-ci.json
95 lines (95 loc) · 2.7 KB
/
audit-ci.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
{
"allowlist": [
{
"GHSA-pfrx-2q88-qq97": {
"active": true,
"notes": "requires upgrade to [email protected], which is a breaking change",
"expiry": "6 March 2025"
}
},
{
"GHSA-c2qf-rxjj-qqgw": {
"active": true,
"notes": "requires lerna v7, which is a breaking change",
"expiry": "6 March 2025"
}
},
{
"GHSA-7fh5-64p2-3v2j": {
"active": true,
"notes": "requires upgrade to postcss v8.4.31, which doesn't align with the version used by @storybook/addon-postcss",
"expiry": "6 March 2025"
}
},
{
"GHSA-f5x3-32g6-xq36": {
"active": true,
"notes": "issue in 'tar' package used by '@lerna/legacy-package-management' v6.6.2 - no current fix",
"expiry": "6 March 2025"
}
},
{
"GHSA-grv7-fg5c-xmjg": {
"active": true,
"notes": "braces package has a vulnerability which is fixed in v3.0.3, but cannot currrently upgrade",
"expiry": "6 March 2025"
}
},
{
"GHSA-3h5v-q93c-6h6q": {
"active": true,
"notes": "ws package has a vulnerability but requires multiple package upgrades to fix",
"expiry": "6 March 2025"
}
},
{
"GHSA-952p-6rrq-rcjv": {
"active": true,
"notes": "issue in 'micromatch' package, we're currently on the highest version available so no fix",
"expiry": "6 March 2025"
}
},
{
"GHSA-m6fv-jmcg-4jfg": {
"active": true,
"notes": "issue in 'send' package within 'serve-static' package being v0.18.0, fix requires 0.19.0",
"expiry": "6 March 2025"
}
},
{
"GHSA-p6mc-m468-83gw": {
"active": true,
"notes": "issue in 'lodash.set' package use by '@cypress-audit/lighthouse>lighthouse' - no current fix",
"expiry": "6 March 2025"
}
},
{
"GHSA-3xgq-45jj-v275": {
"active": true,
"notes": "issue in 'cross-spawn' package - unable to upgrade currently",
"expiry": "6 March 2025"
}
},
{
"GHSA-h5c3-5r3r-rr8q": {
"active": true,
"notes": "issue in '@octokit/plugin-paginate-rest' package which relies on a lerna upgrade",
"expiry": "6 March 2025"
}
},
{
"GHSA-xx4v-prfh-6cgc": {
"active": true,
"notes": "issue in '@octokit/request-error' package which relies on a lerna upgrade",
"expiry": "6 March 2025"
}
},
{
"GHSA-67mh-4wv8-2f99": {
"active": true,
"notes": "issue in 'esbuild' package which is a dependency of storybook. Patched version 0.25.0 not used by Storybook yet",
"expiry": "6 March 2025"
}
}
]
}