mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 09:57:02 +01:00
metamask-extension/.iyarc
Mark Stacey 9c278c3610
Resolve two new security advisories (#19940)
Two new security advisories have been resolved. These advisories are
causing CI to fail on `develop`. Neither presents any risk to us,
as they are prototype pollution issues that are prevented by lockdown.

The first advisory isn't easy for us to patch. It's caused by an
outdated version of `protobufjs` used by `@trezor/transport`. It has
been ignored for now, until Trezor updates that package.

For the second advisory (related to `tough-cookie`), it was resolved
by updating that dependency in our lockfile.
2023-07-10 12:56:34 -02:30

12 lines
372 B
Plaintext

# improved-yarn-audit advisory exclusions
GHSA-257v-vj4p-3w2h
# request library is subject to SSRF.
# addressed by temporary patch in .yarn/patches/request-npm-2.88.2-f4a57c72c4.patch
GHSA-p8p7-x288-28g6
# Prototype pollution
# Not easily patched
# Minimal risk to us because we're using lockdown which also prevents this case of prototype pollution
GHSA-h755-8qp9-cq85
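
An exclusion list like this one is only as trustworthy as the reasons recorded next to each ID. The following lint is an added example, not code from the MetaMask repository or from improved-yarn-audit. It assumes that the `#` lines directly above an ID are its rationale and that a blank line ends a comment block; `parseIyarc`, `lintIyarc` and the two extra sample lines are hypothetical.

```javascript
// Lint an .iyarc exclusion list so that no advisory is ignored without a written reason.
// Assumed conventions (this example's own, not the tool's): the '#' lines directly
// above an ID are its rationale, and a blank line ends a comment block.
const GHSA_RE = /^GHSA(-[23456789cfghjmpqrvwx]{4}){3}$/;

function parseIyarc(text) {
  const entries = [];
  let pending = []; // comment lines collected since the last ID or blank line
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === '') { pending = []; return; }
    if (line.startsWith('#')) { pending.push(line.replace(/^#\s*/, '')); return; }
    entries.push({ id: line, line: i + 1, rationale: pending, wellFormed: GHSA_RE.test(line) });
    pending = [];
  });
  return entries;
}

function lintIyarc(text) {
  const problems = [];
  const seen = new Set();
  for (const e of parseIyarc(text)) {
    if (!e.wellFormed) problems.push(`line ${e.line}: "${e.id}" is not a well-formed GHSA id`);
    if (e.rationale.length === 0) problems.push(`line ${e.line}: ${e.id} has no rationale comment`);
    if (seen.has(e.id)) problems.push(`line ${e.line}: ${e.id} is listed twice`);
    seen.add(e.id);
  }
  return problems;
}

// The exclusion file as shown on this page.
const PAGE_FILE = [
  '# improved-yarn-audit advisory exclusions',
  'GHSA-257v-vj4p-3w2h',
  '# request library is subject to SSRF.',
  '# addressed by temporary patch in .yarn/patches/request-npm-2.88.2-f4a57c72c4.patch',
  'GHSA-p8p7-x288-28g6',
  '# Prototype pollution',
  '# Not easily patched',
  "# Minimal risk to us because we're using lockdown which also prevents this case of prototype pollution",
  'GHSA-h755-8qp9-cq85',
].join('\n');

// Constructed additions: an uncommented duplicate and a malformed placeholder ID.
const SAMPLE = PAGE_FILE + '\n\nGHSA-p8p7-x288-28g6\nGHSA-0000-0000-0000';

console.log(lintIyarc(SAMPLE).join('\n'));
```

Under these conventions the first entry passes only because the file's header comment sits directly above it, so a stricter check would also require a rationale distinct from the header.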