pnpm.auditConfig.ignoreCves and vulnerabilities without a CVE #6473
Unanswered
pateljay1397
asked this question in
Q&A
Replies: 1 comment
-
I too have this question |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The https://pnpm.io/package_json#pnpmauditconfigignorecves specifically targets CVEs to ignore in pnpm audit.
Some vulnerabilities, such as GHSA-36jr-mh4h-2g58, show up in pnpm audit but have no assigned CVE. we tried with GHSA but that does not seem to work.
Does anyone know if that's expected, or is this a bug?
If it is not a bug, then what should be the recommended workaround for it (ignore pnpm audit using GHSA).
Beta Was this translation helpful? Give feedback.
All reactions