Merge branch 'update-osv-scanner-ignore-for-node-gettext'

author: Tobias Järvelöv <tobias.jarvelov@mullvad.net> 2026-04-22 10:28:04 +0200
committer: Tobias Järvelöv <tobias.jarvelov@mullvad.net> 2026-04-22 10:28:04 +0200
commit: f97a68ce6529922bb1ec400bafee7318e72ababc (patch)
tree: fe0f4182b297751c0bfb972ea0ede9aef1050489
parent: 9e2f04c612001e5fd5755eb5a9f7b6e7a4252d16 (diff)
parent: a68b7dddfb5bc2257a1f041fe329b80ba78c14d1 (diff)
download: mullvadvpn-f97a68ce6529922bb1ec400bafee7318e72ababc.tar.xz
mullvadvpn-f97a68ce6529922bb1ec400bafee7318e72ababc.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/desktop/osv-scanner.toml b/desktop/osv-scanner.toml
index 756c8cd5c1..bb7219294c 100644
--- a/desktop/osv-scanner.toml
+++ b/desktop/osv-scanner.toml
@@ -3,7 +3,7 @@
 # node-gettext: Prototype Pullution via the addTranslations function
 [[IgnoredVulns]]
 id = "CVE-2024-21528"  # GHSA-g974-hxvm-x689
-ignoreUntil = 2026-04-16  # The vulnerability is ignored for 6 months as the affected library is not receiving updates and we can not patch the vulnerability without migrating to another library, which is no minor feat.
+ignoreUntil = 2026-08-16  # The vulnerability is ignored for 4 months as no patch for the affected library exists and we can not address the vulnerability without migrating to another library, which is no minor feat.
 reason = "There is no fix yet and we don't send untrusted input to the first argument of addTranslations"
 
 # ajv: ajv has ReDoS when using $data option
author	Tobias Järvelöv <tobias.jarvelov@mullvad.net>	2026-04-22 10:28:04 +0200
committer	Tobias Järvelöv <tobias.jarvelov@mullvad.net>	2026-04-22 10:28:04 +0200
commit	f97a68ce6529922bb1ec400bafee7318e72ababc (patch)
tree	fe0f4182b297751c0bfb972ea0ede9aef1050489
parent	9e2f04c612001e5fd5755eb5a9f7b6e7a4252d16 (diff)
parent	a68b7dddfb5bc2257a1f041fe329b80ba78c14d1 (diff)
download	mullvadvpn-f97a68ce6529922bb1ec400bafee7318e72ababc.tar.xz mullvadvpn-f97a68ce6529922bb1ec400bafee7318e72ababc.zip