From 24c838cca1b423dabcdee37ad089e9b62e297246 Mon Sep 17 00:00:00 2001
From: spsjvc
Date: Thu, 21 Nov 2024 12:41:56 +0100
Subject: [PATCH] chore: update audit-ci.jsonc
---
 audit-ci.jsonc | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
index fdf03b17..089df4e1 100644
--- a/audit-ci.jsonc
+++ b/audit-ci.jsonc
@@ -91,6 +91,16 @@
 // DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
 // rollup is not used in production
 // from vite > rollup
- "GHSA-gcx4-mw62-g8wm"
+ "GHSA-gcx4-mw62-g8wm",
+ // https://github.com/advisories/GHSA-3xgq-45jj-v275
+ // cross-spawn command injection vulnerability
+ // Only used during development via audit-ci, nyc, and patch-package
+ // from: audit-ci>cross-spawn
+ // from: nyc>foreground-child>cross-spawn
+ // from: nyc>spawn-wrap>foreground-child>cross-spawn
+ // from: @arbitrum/nitro-contracts>patch-package>cross-spawn
+ // from: @arbitrum/token-bridge-contracts>@arbitrum/nitro-contracts>patch-package>cross-spawn
+ // from: @offchainlabs/l1-l3-teleport-contracts>@arbitrum/token-bridge-contracts>@arbitrum/nitro-contracts>patch-package>cross-spawn
+ "GHSA-3xgq-45jj-v275"
 ]
 }
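Review bot: The new `"GHSA-3xgq-45jj-v275"` entry suppresses the advisory on every dependency path, while the comment above it justifies only six dev-time paths, so a later production dependency that pulls in cross-spawn would be silenced as well. audit-ci accepts path-scoped allowlist entries, so each listed path can be allowlisted on its own, e.g. `"GHSA-3xgq-45jj-v275|audit-ci>cross-spawn"`, which keeps the exception as narrow as its rationale. The description line should also be checked against the linked advisory: as far as I recall it is filed as a regular-expression denial of service rather than command injection, in which case the comment should read `// cross-spawn ReDoS`, since the recorded impact is what justifies accepting the exception. Three of the paths arrive through `@arbitrum/nitro-contracts>patch-package`, which looks like a regular rather than dev dependency of those packages, so the "only used during development" claim is worth confirming for consumers of this package.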