chore(deps): ignore https://github.com/advisories/GHSA-72xf-g2v4-qvf3 (tough-cookie) #2822

Merged
merged 1 commit into from
Jul 18, 2023

@rpl rpl commented Jul 18, 2023

This PR adds tough-cookie (a transitive dependency pulled in through sign-addon -> request -> tough-cookie) to the nsprc file.

@rpl rpl requested a review from willdurand July 18, 2023 11:36

rpl commented Jul 18, 2023

@willdurand would you mind updating the #2678 description to mention the updated output?
Given that both nsprc exceptions come from request, I think we can track both from the existing issue.

The updated output of npm run audit-deps without the two exceptions is included inside the collapsible details below.

❯ npm run audit-deps

> web-ext@7.6.0 audit-deps
> node ./scripts/audit-deps


== audit-deps: blocking security issues

request (isDirect: false, severity: moderate, fixAvailable: false):
  https://github.com/advisories/GHSA-p8p7-x288-28g6
    request <=2.88.2
    Server-Side Request Forgery in Request
  https://github.com/advisories/GHSA-72xf-g2v4-qvf3
    tough-cookie <4.1.3
    tough-cookie Prototype Pollution vulnerability
sign-addon (isDirect: true, severity: moderate, fixAvailable: false):
  https://github.com/advisories/GHSA-p8p7-x288-28g6
    request <=2.88.2
    Server-Side Request Forgery in Request
  https://github.com/advisories/GHSA-72xf-g2v4-qvf3
    tough-cookie <4.1.3
    tough-cookie Prototype Pollution vulnerability
tough-cookie (isDirect: false, severity: moderate, fixAvailable: false):
  https://github.com/advisories/GHSA-72xf-g2v4-qvf3
    tough-cookie <4.1.3
    tough-cookie Prototype Pollution vulnerability
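
Added example (not part of the PR and not web-ext's `scripts/audit-deps` code): a sketch of how an advisory exception list interacts with the output above, showing that one advisory reaching a package through several dependents keeps all of them blocked until that advisory is excepted. The report shape and the `applyExceptions` helper are assumptions; the advisory URLs and package names are taken from the output above.

```javascript
// Added example. Advisory URLs and package names come from the audit output
// above; the report shape and helper below are assumptions for illustration.
const SSRF = 'https://github.com/advisories/GHSA-p8p7-x288-28g6';
const PROTO_POLLUTION = 'https://github.com/advisories/GHSA-72xf-g2v4-qvf3';

// Constructed report: one entry per package, listing the advisories that reach it.
const report = [
  { name: 'request', isDirect: false, advisories: [SSRF, PROTO_POLLUTION] },
  { name: 'sign-addon', isDirect: true, advisories: [SSRF, PROTO_POLLUTION] },
  { name: 'tough-cookie', isDirect: false, advisories: [PROTO_POLLUTION] },
];

// Hypothetical helper: drop advisories that are on the exception list and
// return the packages that still block, plus exceptions that matched nothing.
function applyExceptions(entries, exceptions) {
  const allowed = new Set(exceptions);
  const matched = new Set();
  const blocking = [];
  for (const entry of entries) {
    const remaining = entry.advisories.filter((url) => {
      if (!allowed.has(url)) return true;
      matched.add(url);
      return false;
    });
    if (remaining.length > 0) {
      blocking.push({ name: entry.name, isDirect: entry.isDirect, advisories: remaining });
    }
  }
  // A stale exception no longer suppresses anything and can be removed.
  const stale = exceptions.filter((url) => !matched.has(url));
  return { blocking, stale };
}

// Only the request SSRF exception: every package is still blocked via tough-cookie.
console.log(applyExceptions(report, [SSRF]).blocking.map((b) => b.name));
// Both exceptions: nothing blocks and neither exception is stale.
console.log(applyExceptions(report, [SSRF, PROTO_POLLUTION]));
```

The `stale` list is what makes an exception file reviewable over time: once `request` is removed from the tree, both entries would show up there and can be deleted.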


codecov bot commented Jul 18, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (02b483c) 99.53% compared to head (ba278fb) 99.53%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #2822   +/-   ##
=======================================
  Coverage   99.53%   99.53%           
=======================================
  Files          32       32           
  Lines        1735     1735           
=======================================
  Hits         1727     1727           
  Misses          8        8           


@rpl rpl merged commit 7281b08 into master Jul 18, 2023
2 checks passed
@rpl rpl deleted the chore/add-tough-cookie-adv-to-nsprc branch July 18, 2023 12:12