chore(security): ignore SNYK-JS-BRACES-6838727

Our direct usage of this package is not using a vulnerable method. We are using the isMatch function which does not make use of the underlying braces pkg, which is where the vulnerability has been reported. https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L106-L123
snyk · May 14, 2024 · 597b5fc · 597b5fc
1 parent 5f975df
commit 597b5fc
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/.snyk b/.snyk
@@ -17,9 +17,19 @@ ignore:
         reason: --about lists all dependency licenses which is a requirement of MPL-2.0
         expires: 2122-12-14T16:35:38.252Z
         created: 2022-11-14T16:35:38.260Z
+  SNYK-JS-BRACES-6838727:
+    - '*':
+        reason: Direct usage within Snyk CLI are not using vulnerable function
+        expires: 2024-08-13T04:12:20.523Z
+        created: 2024-05-14T04:12:20.531Z
+  SNYK-JS-MICROMATCH-6838728:
+    - '*':
+        reason: Direct usage within Snyk CLI are not using vulnerable function
+        expires: 2024-08-13T04:12:20.523Z
+        created: 2024-05-14T04:12:20.531Z
 patch: {}
 exclude:
   code:
     - test/**
-    # Remove the following line, once we can apply consistent ignores via the Web UI
+    # Remove the following line, once we can apply consistent ignores via the Web UIs
     - scripts/upgrade-snyk-go-dependencies.go