Mark vulnerability as ignored

[tk-o]

Lite PR

Tip: Review docs on the ENSNode PR process

Summary

• Mark vulnerability GHSA-w5hq-g745-h8pq to be ignored by OSV Scanner toolkit.

---

Why

• We have addressed it by applying uuid@11.1.1, but OSV Scanner fails to understand that.

---

Testing

• How this was tested.
• If you didn't test it, say why.

---

Notes for Reviewer (Optional)

• The v11.1.1 release for uuid addressed the vulnerability in question
  • https://github.com/uuidjs/uuid/releases/tag/v11.1.1

---

Pre-Review Checklist (Blocking)

• This PR does not introduce significant changes and is low-risk to review quickly.
• Relevant changesets are included (or are not required)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
admin.ensnode.io	Ready	Preview, Comment	Apr 30, 2026 2:49pm
ensnode.io	Ready	Preview, Comment	Apr 30, 2026 2:49pm
ensrainbow.io	Ready	Preview, Comment	Apr 30, 2026 2:49pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7dbcc75

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[Copilot]

Pull request overview

Updates OSV Scanner configuration to suppress a specific GHSA finding (GHSA-w5hq-g745-h8pq) that OSV still reports despite the repo using a patched uuid version via pnpm overrides.

Changes:

• Add GHSA-w5hq-g745-h8pq to osv-scanner.toml [[IgnoredVulns]] list with an explanatory reason.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[greptile-apps]

Greptile Summary

This PR adds an ignore entry in osv-scanner.toml for GHSA-w5hq-g745-h8pq (uuid missing buffer bounds check in v3/v5/v6). The suppression is justified: uuid v11.1.1 (released 2026-04-29) backports the official fix, the existing pnpm override uuid@>=10.0.0 <11.1.1: ^11.1.1 ensures only v11.1.1 is resolved, and the lockfile confirms no other uuid versions are installed — OSV simply hasn't updated its advisory to recognize v11.1.1 as a fixed version yet.

Confidence Score: 5/5

Safe to merge — config-only change that suppresses a confirmed false positive from OSV scanner.

The ignore is well-justified: the fix is confirmed backported to uuid v11.1.1 (GitHub releases), the pnpm lockfile only contains uuid@11.1.1, and the pnpm override prevents older vulnerable versions from being installed. No code logic changes are involved.

No files require special attention.

Important Files Changed

Filename	Overview
osv-scanner.toml	Adds an OSV scanner ignore entry for GHSA-w5hq-g745-h8pq; the reason is accurate — uuid v11.1.1 (released 2026-04-29) backports the fix, and the lockfile confirms only uuid@11.1.1 is installed.

_{Reviews (1): Last reviewed commit: "Mark vulnerability as ignored" | Re-trigger Greptile}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9ca51c2c-a2de-49fa-afd6-4df71246c147

📥 Commits

Reviewing files that changed from the base of the PR and between 31f5872 and 7dbcc75.

📒 Files selected for processing (1)

• osv-scanner.toml

---

📝 Walkthrough

Walkthrough

A new OSV-scanner ignore rule is added for vulnerability GHSA-w5hq-g745-h8pq via a new [[IgnoredVulns]] configuration block. This updates the vulnerability scanning configuration to exclude this specific UUID-related issue from checks.

Changes

Cohort / File(s)	Summary
OSV-Scanner Configuration osv-scanner.toml	Adds a new [[IgnoredVulns]] entry to ignore vulnerability GHSA-w5hq-g745-h8pq, based on dependency override and runtime compatibility considerations.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A vulnerability we shall ignore,
With config lines, just four,
GHSA-w5hq takes a rest,
Safe from scans, put to the test!
One small block makes all things right,
Scanning bliss in pixelated light.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description follows the template structure but the Testing section is incomplete with only placeholder text and lacks actual testing details or explanation for lack of testing.	Complete the Testing section by either describing how the change was tested or explaining why testing was not performed.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Mark vulnerability as ignored' is concise, clear, and directly summarizes the main change: adding an OSV-scanner ignore rule for a specific vulnerability.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch deps/osv-ignore-GHSA-w5hq-g745-h8pq

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[lightwalker-eth]

Looks good 👍