chore: adds audit exception for nanoid (#556)

OffchainLabs · Dec 11, 2024 · 31852e2 · 31852e2
1 parent 5ef4430
commit 31852e2
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -114,6 +114,12 @@
     // from: @arbitrum/nitro-contracts>patch-package>cross-spawn
     // from: @arbitrum/token-bridge-contracts>@arbitrum/nitro-contracts>patch-package>cross-spawn
     // from: @offchainlabs/l1-l3-teleport-contracts>@arbitrum/token-bridge-contracts>@arbitrum/nitro-contracts>patch-package>cross-spawn
-    "GHSA-3xgq-45jj-v275"
+    "GHSA-3xgq-45jj-v275",
+    // https://github.com/advisories/GHSA-mwcw-c2x4-8c55
+    // nanoid infinite loop vulnerability when handling non-integer values
+    // Only used by mocha for test file IDs during test execution, not in production code
+    // from: hardhat>mocha>nanoid
+    // from: mocha>nanoid
+    "GHSA-mwcw-c2x4-8c55"
   ]
 }