audit-ci.jsonc
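{
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  // audit-ci supports reading JSON, JSONC, and JSON5 config files.
  // Severity threshold: set only one of "low", "moderate", "high", "critical" to true.
  // With "moderate": true the audit fails on advisories of moderate severity or above.
  "moderate": true,
  // Every ID below is an advisory that audit-ci will not fail the build for,
  // so each entry is an accepted risk. Keep the affected package and the reason
  // next to the ID, and delete the entry once a fixed version is installed.
  // NOTE(review): audit-ci also appears to accept an object form per entry with
  // expiry/notes fields, which would make stale suppressions lapse on their own.
  // TODO confirm against the schema referenced above.
  "allowlist": [
    // NOTE(review): the next eleven entries have no package name, advisory link
    // or reason recorded. Add one per ID, or drop the IDs that no longer match
    // anything in the dependency tree.
    "GHSA-282f-qqgm-c34q",
    "GHSA-v88g-cgmw-v5xw",
    "GHSA-mjxr-4v3x-q3m4",
    "GHSA-p9pc-299p-vxgp",
    "GHSA-6vfc-qv3f-vr6c",
    "GHSA-rjqq-98f6-6j3r",
    "GHSA-phwq-j96m-2c2q",
    "GHSA-wc69-rhjr-hc9g",
    "GHSA-8qr4-xgw6-wmr3",
    "GHSA-hrpp-h998-j3pp",
    "GHSA-8cf7-32gw-wr33",
    // Vulnerabilities for jsonwebtoken in
    //   sdk-standard-components
    //   central-services-error-handling
    //   central-services-shared
    // NOTE(review): GHSA-7fh5-64p2-3v2j used to be listed in this group as well.
    // It is kept once, under the PostCSS comment further down, which is where
    // its advisory link points. The set of allowlisted IDs is unchanged.
    "GHSA-hjrf-2m68-5959",
    "GHSA-qwph-4952-7xr6",
    // Some audit issues with api-snippets
    "GHSA-c2qf-rxjj-qqgw",
    // Issue with protobuffs (https://github.com/advisories/GHSA-h755-8qp9-cq85). No fix available.
    // NOTE(review): "No fix available" is undated. Re-check the advisory when
    // dependencies are next updated.
    "GHSA-h755-8qp9-cq85",
    // @babel/traverse (https://github.com/advisories/GHSA-67hx-6x53-jw92)
    "GHSA-67hx-6x53-jw92",
    // Issue with PostCSS library (https://github.com/advisories/GHSA-7fh5-64p2-3v2j)
    "GHSA-7fh5-64p2-3v2j",
    // SSRF attacks against npm IP (https://github.com/advisories/GHSA-78xj-cgh5-2h22)
    "GHSA-78xj-cgh5-2h22",
    // https://github.com/advisories/GHSA-rm97-x556-q36h
    // NOTE(review): no package or reason recorded for this entry.
    "GHSA-rm97-x556-q36h",
    "GHSA-wf5p-g6vw-rhxx" // https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
  ]
}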