forked from mojaloop/central-ledger
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaudit-ci.jsonc
29 lines (29 loc) · 1.29 KB
/
audit-ci.jsonc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
"$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
// audit-ci supports reading JSON, JSONC, and JSON5 config files.
// Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
"moderate": true,
"allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList
// Currently no fixes available for the following
"GHSA-v88g-cgmw-v5xw",
"GHSA-mg85-8mv5-ffjr",
"GHSA-phwq-j96m-2c2q",
"GHSA-7hx8-2rxv-66xv",
"GHSA-282f-qqgm-c34q",
"GHSA-8cf7-32gw-wr33",
"GHSA-hjrf-2m68-5959",
// TODO: Upgrade jsonwebtoken in the central-services-shared lib --> https://github.com/mojaloop/project/issues/3097
"GHSA-qwph-4952-7xr6", // https://github.com/advisories/GHSA-qwph-4952-7xr6
// Knex dependency has been upgraded to v2.4x as advised by this advisory. Not sure why its still reporting it as an issue?
// TODO: Investigate as to why this is still being reported even though Knex was upgraded! :(
"GHSA-4jv9-3563-23j3", // https://github.com/advisories/GHSA-4jv9-3563-23j3
"GHSA-6vfc-qv3f-vr6c",
"GHSA-mjxr-4v3x-q3m4",
"GHSA-rjqq-98f6-6j3r",
"GHSA-g64q-3vg8-8f93",
"GHSA-5854-jvxx-2cg9",
"GHSA-2mvq-xp48-4c77",
"GHSA-w5p7-h5w8-2hfq",
"GHSA-p9pc-299p-vxgp"
]
}