authorLinus Färnstrand <linus@mullvad.net>2024-08-23 13:53:53 +0200
committerLinus Färnstrand <linus@mullvad.net>2024-08-23 13:53:53 +0200
commit4edc4fc66df911caf0ee2001366a92251a9ca026 (patch)
tree4b320f58e9580d6155bb36b2fa14a16da5955ae4
parent16f87399c6e79e14703a08ac249989a1d674cfb7 (diff)
parent489f6160a62847e576a7170e8dc32f1cf12e8886 (diff)
downloadmullvadvpn-4edc4fc66df911caf0ee2001366a92251a9ca026.tar.xz
mullvadvpn-4edc4fc66df911caf0ee2001366a92251a9ca026.zip
Merge branch 'ignore-cves'
-rw-r--r--ci/ios/upload-vm/osv-scanner.toml8
-rw-r--r--gui/osv-scanner.toml6
-rw-r--r--ios/osv-scanner.toml8
3 files changed, 22 insertions, 0 deletions
diff --git a/ci/ios/upload-vm/osv-scanner.toml b/ci/ios/upload-vm/osv-scanner.toml
new file mode 100644
index 0000000000..1a26a0cfe2
--- /dev/null
+++ b/ci/ios/upload-vm/osv-scanner.toml
@@ -0,0 +1,8 @@
+# See repository root `osv-scanner.toml` for instructions and rules for this file.
+
+# rexml: The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
+# that has many deep elements that have same local name attributes.
+[[IgnoredVulns]]
+id = "CVE-2024-43398" # GHSA-952p-6rrq-rcjv
+ignoreUntil = 2024-11-23
+reason = "rexml only parses trusted input (responses from Apple's APIs) in this code"
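Review bot: The trailing comment on the `id` line, `GHSA-952p-6rrq-rcjv`, is the same GHSA identifier the gui/osv-scanner.toml hunk attaches to a different advisory (CVE-2024-4067 in micromatch), and the new ios/osv-scanner.toml hunk repeats it verbatim for this rexml CVE; one GHSA id cannot denote both a rexml and a micromatch vulnerability, so at least one of the three cross-references is a copy-paste error. osv-scanner matches on the `id` field, so scanning behaviour is unaffected, but the comment is what the next reviewer will use to look the advisory up when `ignoreUntil` lapses on 2024-11-23 and the ignore has to be re-justified or dropped. Suggest checking each entry's GHSA against the advisory record for its CVE and correcting the comment, e.g. `id = "CVE-2024-43398" # <GHSA id confirmed for CVE-2024-43398>` here and in ios/osv-scanner.toml, keeping the gui entry only if its mapping is confirmed.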
diff --git a/gui/osv-scanner.toml b/gui/osv-scanner.toml
index 968158fa7c..0818533318 100644
--- a/gui/osv-scanner.toml
+++ b/gui/osv-scanner.toml
@@ -42,3 +42,9 @@ reason = "We don't utilize the signing features in browserify"
id = "CVE-2024-42459" # GHSA-f7q4-pwc6-w24p
ignoreUntil = 2024-10-15
reason = "We don't utilize the signing features in browserify"
+
+# micromatch (dev): Regular Expression Denial of Service (ReDoS) in micromatch
+[[IgnoredVulns]]
+id = "CVE-2024-4067" # GHSA-952p-6rrq-rcjv
+ignoreUntil = 2024-11-23
+reason = "This is just a dev dependency, and we don't have untrusted input to micromatch there"
diff --git a/ios/osv-scanner.toml b/ios/osv-scanner.toml
new file mode 100644
index 0000000000..1a26a0cfe2
--- /dev/null
+++ b/ios/osv-scanner.toml
@@ -0,0 +1,8 @@
+# See repository root `osv-scanner.toml` for instructions and rules for this file.
+
+# rexml: The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
+# that has many deep elements that have same local name attributes.
+[[IgnoredVulns]]
+id = "CVE-2024-43398" # GHSA-952p-6rrq-rcjv
+ignoreUntil = 2024-11-23
+reason = "rexml only parses trusted input (responses from Apple's APIs) in this code"