authorOliver <oliver@mohlin.dev>2025-03-12 13:35:10 +0100
committerOskar <oskar@mullvad.net>2025-03-13 09:11:56 +0100
commit39a5dec6ff34470890a25ccf03980fa408306a2f (patch)
treee58082d80f982943c488d260f17f1903102c0fb4
parent6d355f18b8f9e7cf69035b91cef90b57a9f65d58 (diff)
Extend ignores for CVEs
-rw-r--r--desktop/osv-scanner.toml6
1 files changed, 3 insertions, 3 deletions
diff --git a/desktop/osv-scanner.toml b/desktop/osv-scanner.toml
index 3401445f5a..333be5ed23 100644
--- a/desktop/osv-scanner.toml
+++ b/desktop/osv-scanner.toml
@@ -3,19 +3,19 @@
# PostCSS line return parsing error
[[IgnoredVulns]]
id = "CVE-2023-44270" # GHSA-7fh5-64p2-3v2j
-ignoreUntil = 2025-03-05
+ignoreUntil = 2025-06-05
reason = "This project does not use PostCSS to parse untrusted CSS"
# braces: Uncontrolled resource consumption
[[IgnoredVulns]]
id = "CVE-2024-4068" # GHSA-grv7-fg5c-xmjg
-ignoreUntil = 2025-03-05
+ignoreUntil = 2025-06-05
reason = "This package is only used to match paths from either us or trusted libraries"
# micromatch (dev): Regular Expression Denial of Service (ReDoS) in micromatch
[[IgnoredVulns]]
id = "CVE-2024-4067" # GHSA-952p-6rrq-rcjv
-ignoreUntil = 2025-02-23
+ignoreUntil = 2025-05-23
reason = "This is just a dev dependency, and we don't have untrusted input to micromatch there"
# node-gettext: Prototype Pullution via the addTranslations function