package updates (#426)

audit-ci.json

@@ -1,17 +1,29 @@
 {
     "low": true,
-    "_allowlistInfo": [
+    "_allowListExample": [
       {
-        "advisory": "GHSA-p8p7-x288-28g6",
-        "details": "The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP)",
-        "justification1": "Request package is deprecated and unlikely to receive updates.",
-        "justification2": "Application unaffected as it only uses request by way of kubernetes/client-node, which talks to kubernetes, which can be asserted as not an attacker-controlled server.",
-        "expiry": "28 April 2023 00:00"
-      }
+        "GHSA-1234-5678-9012": {
+          "active": true,
+          "notes": "The package X has vuln Y that is ignored because Y",
+          "expiry": "2077-04-01"
+        }
+      },
     ],
     "allowlist": [
-      "GHSA-p8p7-x288-28g6"
-    ],
+      {
+        "GHSA-p8p7-x288-28g6": {
+          "active": true,
+          "notes": "The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP)",
+          "expiry": "2023-10-01"
+        }
+      },
+      {
+        "GHSA-72xf-g2v4-qvf3": {
+          "active": true,
+          "notes": "The Request package (see above) requires tough-cookie at a vulnerable version.",
+          "expiry": "2023-10-01"
+        }
+      }    ],
     "skip-dev": true
   }