[chore] Temporarily suppress CVE for superagent #448

Merged
merged 3 commits into from
Apr 23, 2024

nwithan8
Member

@nwithan8 nwithan8 commented Apr 23, 2024

Description

formidable, a transitive dependency of superagent, has a CVE open for it. No patch is currently available. This PR temporarily suppresses audit warnings regarding the CVE to unblock our CI. The suppressant expires in six months, at which time we will re-evaluate the CVE.

  • Add audit-ci config file, add temporary CVE suppressant (re-evaluate in six months)

Testing

Pull Request Type

Please select the option(s) that are relevant to this PR.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Improvement (fixing a typo, updating readme, renaming a variable name, etc)

- Remove package-lock.json from Git
@nwithan8 nwithan8 requested a review from a team April 23, 2024 17:41
Member

@Justintime50 Justintime50 left a comment

Please don't blow away the package lock file heh

audit-ci.jsonc (outdated, resolved)
@nwithan8 nwithan8 merged commit 942afda into master Apr 23, 2024
8 checks passed
@nwithan8 nwithan8 deleted the CVE-2022-29622 branch April 23, 2024 19:17
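
For readers of this thread, a sketch of the time-boxed suppression the description refers to, as an added example that is not the `audit-ci.jsonc` merged in this PR. It uses audit-ci's allowlist record fields (`active`, `expiry`, `notes`); the advisory ID is a placeholder, and the severity threshold and expiry date (six months after the merge date) are constructed for illustration.

```jsonc
{
  // Added example; values below are assumptions, not taken from the PR's file.

  // Fail CI on advisories of moderate severity or higher (assumed threshold).
  "moderate": true,

  "allowlist": [
    // Weak form: a bare advisory ID suppresses the finding indefinitely,
    // so nobody is prompted to revisit it once a patch ships.
    // "GHSA-xxxx-xxxx-xxxx",

    // Time-boxed form: the suppression stops applying after `expiry`,
    // at which point the audit fails again and forces a re-evaluation.
    {
      // Placeholder: substitute the GHSA advisory ID that audit-ci
      // reports for the CVE being suppressed.
      "GHSA-xxxx-xxxx-xxxx": {
        "active": true,
        // Constructed date: six months after the Apr 23, 2024 merge.
        "expiry": "2024-10-23",
        "notes": "Transitive via superagent; no patch available. Re-evaluate at expiry."
      }
    }
  ]
}
```

Scoping the entry to a single advisory ID, rather than allowlisting the whole module, keeps any new advisory against the same package visible to CI.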