This is an automated email from the ASF dual-hosted git repository.
abhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 848570d8db Suppressing package-lock.json?d3-color vulnerability
(#13301)
848570d8db is described below
commit 848570d8db3cd34f7179e292c91dbfd69ee216f4
Author: abhagraw <[email protected]>
AuthorDate: Fri Nov 4 11:47:02 2022 +0530
Suppressing package-lock.json?d3-color vulnerability (#13301)
---
owasp-dependency-check-suppressions.xml | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index e4bbe3de3a..6ffb3b9f2e 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -654,4 +654,16 @@
<cve>CVE-2022-39135</cve>
</suppress>
+ <suppress>
+ <!-- package-lock.json?d3-color -->
+ <notes><![CDATA[
+ file name: d3-color:2.0.0
+ ]]></notes>
+ <!--
+ Not vulnerable to this as, we use d3-color on the client only.
+ -->
+ <packageUrl regex="true">^pkg:npm/d3\-color@.*$</packageUrl>
+ <vulnerabilityName>1084597</vulnerabilityName>
+ </suppress>
+
</suppressions>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
