Add node-gettext suppression for osv-scanner

author: Oskar <oskar@mullvad.net> 2024-09-17 09:43:37 +0200
committer: Oskar <oskar@mullvad.net> 2024-09-17 09:43:39 +0200
commit: 9c16f022d751cc6cb987af3ced6df7e24714a20c (patch)
tree: 78616ed5257f428c53ec0b34d923e2a2a750eba3 /gui
parent: eed293a0744088d993582e8ef62f2119a439a67f (diff)
download: mullvadvpn-9c16f022d751cc6cb987af3ced6df7e24714a20c.tar.xz
mullvadvpn-9c16f022d751cc6cb987af3ced6df7e24714a20c.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/gui/osv-scanner.toml b/gui/osv-scanner.toml
index 8b65956cc3..cfe5d5b78d 100644
--- a/gui/osv-scanner.toml
+++ b/gui/osv-scanner.toml
@@ -23,3 +23,9 @@ reason = "This package is only used to match paths from either us or trusted lib
 id = "CVE-2024-4067" # GHSA-952p-6rrq-rcjv
 ignoreUntil = 2024-11-23
 reason = "This is just a dev dependency, and we don't have untrusted input to micromatch there"
+
+# node-gettext: Prototype Pullution via the addTranslations function
+[[IgnoredVulns]]
+id = "CVE-2024-4067" # GHSA-g974-hxvm-x689
+ignoreUntil = 2024-10-17
+reason = "There is no fix yet, in the meantime we'll have to verify translations thoroughly"
author	Oskar <oskar@mullvad.net>	2024-09-17 09:43:37 +0200
committer	Oskar <oskar@mullvad.net>	2024-09-17 09:43:39 +0200
commit	9c16f022d751cc6cb987af3ced6df7e24714a20c (patch)
tree	78616ed5257f428c53ec0b34d923e2a2a750eba3 /gui
parent	eed293a0744088d993582e8ef62f2119a439a67f (diff)
download	mullvadvpn-9c16f022d751cc6cb987af3ced6df7e24714a20c.tar.xz mullvadvpn-9c16f022d751cc6cb987af3ced6df7e24714a20c.zip