chore: Clear picomatch ReDoS advisories from audit ignore list (#12179)

Pin picomatch to ^2.3.2 / ^4.0.4 via resolutions so transitive
deps pick up the patched versions, then drop the advisory IDs.
Tom Moor
2026-04-27 09:48:03 -04:00
committed by GitHub
parent ec2463e5ff
commit c280bddab9
3 changed files with 16 additions and 11 deletions
-2
@@ -12,6 +12,4 @@ npmPreapprovedPackages:
npmAuditIgnoreAdvisories:
- "1113517" # GHSA-mw96-cpmx-2vgc rollup <2.80.0 path traversal (workbox-build, build-time)
- "1113686" # GHSA-5c6j-r48x-rmvq serialize-javascript RCE (@rollup/plugin-terser, build-time)
- "1115552" # GHSA-c2c7-rcm5-vvqj picomatch ReDoS (babel-plugin-styled-components, dotenvx CLI)
- "1115554" # GHSA-c2c7-rcm5-vvqj picomatch ReDoS (babel-plugin-styled-components, dotenvx CLI)
- "1115805" # GHSA-r5fr-rjxr-66jc lodash-es _.template injection (mermaid; not exposed to user-controlled template keys)