forked from bytecodealliance/wasm-micro-runtime
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Exclude fuzz test python and npm packages in scoreboard scan (bytecod…
…ealliance#3871) * exclude fuzz test for scoreboard scan * ci ignore osv-scanner.toml file name inconsistency
- Loading branch information
1 parent
217ba3b
commit 7d56289
Showing
3 changed files
with
85 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| # GHSA-67hx-6x53-jw92 | ||
| [[PackageOverrides]] | ||
| name = "@babel/traverse" | ||
| ecosystem = "npm" | ||
| ignore = true | ||
| reason = "Accepted known vulnerabilities for testing purposes" | ||
|
|
||
| # GHSA-67hx-6x53-jw92 | ||
| [[PackageOverrides]] | ||
| name = "babel-traverse" | ||
| ecosystem = "npm" | ||
| ignore = true | ||
| reason = "Accepted known vulnerabilities for testing purposes" | ||
|
|
||
| # GHSA-9c47-m6qq-7p4h | ||
| [[PackageOverrides]] | ||
| name = "json5" | ||
| ecosystem = "npm" | ||
| ignore = true | ||
| reason = "Dependency not critical for security" | ||
|
|
||
| # GHSA-7fh5-64p2-3v2j | ||
| [[PackageOverrides]] | ||
| name = "postcss" | ||
| ecosystem = "npm" | ||
| ignore = true | ||
| reason = "Vulnerabilities do not affect current use case" | ||
|
|
||
| # GHSA-gcx4-mw62-g8wm | ||
| [[PackageOverrides]] | ||
| name = "rollup" | ||
| ecosystem = "npm" | ||
| ignore = true | ||
| reason = "Legacy build tool under controlled environment" | ||
|
|
||
| # GHSA-c2qf-rxjj-qqgw | ||
| [[PackageOverrides]] | ||
| name = "semver" | ||
| ecosystem = "npm" | ||
| ignore = true | ||
| reason = "Version parsing is managed securely" | ||
|
|
||
| # GHSA-353f-5xf4-qw67 | ||
| # GHSA-c24v-8rfc-w8vw | ||
| # GHSA-8jhw-289h-jh2g | ||
| # GHSA-64vr-g452-qvp3 | ||
| # GHSA-9cwx-2883-4wfx | ||
| [[PackageOverrides]] | ||
| name = "vite" | ||
| ecosystem = "npm" | ||
| ignore = true | ||
| reason = "Development server not exposed to untrusted networks" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| # GHSA-m2qf-hxjv-5gpq / PYSEC-2023-62 | ||
| [[PackageOverrides]] | ||
| name = "Flask" | ||
| ecosystem = "PyPI" | ||
| ignore = true | ||
| reason = "Accepted known vulnerabilities for testing purposes" | ||
|
|
||
| # GHSA-m2qf-hxjv-5gpq / PYSEC-2023-62 | ||
| [[PackageOverrides]] | ||
| name = "flask" | ||
| ecosystem = "PyPI" | ||
| ignore = true | ||
| reason = "Accepted known vulnerabilities for testing purposes" | ||
|
|
||
| # GHSA-84pr-m4jr-85g5 | ||
| # GHSA-hxwh-jpp2-84pm / PYSEC-2024-71 | ||
| [[PackageOverrides]] | ||
| name = "flask-cors" | ||
| ecosystem = "PyPI" | ||
| ignore = true | ||
| reason = "Accepted known vulnerabilities for testing purposes" | ||
|
|
||
| # GHSA-2g68-c3qc-8985 | ||
| # GHSA-hrfv-mqp8-q5rw / PYSEC-2023-221 | ||
| # GHSA-px8h-6qxv-m22q / PYSEC-2023-57 | ||
| # GHSA-xg9f-g7g7-2323 / PYSEC-2023-58 | ||
| # PYSEC-2022-203 | ||
| [[PackageOverrides]] | ||
| name = "werkzeug" | ||
| ecosystem = "PyPI" | ||
| ignore = true | ||
| reason = "Accepted known vulnerabilities for testing purposes" |