Merge pull request #5569 from snyk/fix/ignore-cross-spawn-no-upgrade

chore: ignore cross-spawn vuln due to no upgrade path available
snyk · Nov 8, 2024 · e506766 · e506766
2 parents 60a0011 + fa71b9a
commit e506766
Showing 1 changed file with 4 additions and 19 deletions.
diff --git a/.snyk b/.snyk
@@ -2,31 +2,16 @@
 version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
-  SNYK-JS-ANSIREGEX-1583908:
-    - '*':
-        reason: Not affecting Snyk CLI. No upgrade path currently available
-        expires: 2022-02-01T00:00:00.000Z
-        created: 2021-11-29T17:25:19.200Z
-  SNYK-JS-LODASHSET-1320032:
-    - '*':
-        reason: No upgrade path currently available
-        expires: 2024-09-30T10:00:00.000Z
-        created: 2023-09-13T13:14:22.120Z
   'snyk:lic:npm:shescape:MPL-2.0':
     - '*':
         reason: --about lists all dependency licenses which is a requirement of MPL-2.0
         expires: 2122-12-14T16:35:38.252Z
         created: 2022-11-14T16:35:38.260Z
-  SNYK-JS-BRACES-6838727:
-    - '*':
-        reason: Direct usage within Snyk CLI are not using vulnerable function
-        expires: 2024-08-13T04:12:20.523Z
-        created: 2024-05-14T04:12:20.531Z
-  SNYK-JS-MICROMATCH-6838728:
+  SNYK-JS-CROSSSPAWN-8303230:
     - '*':
-        reason: Direct usage within Snyk CLI are not using vulnerable function
-        expires: 2024-10-13T04:12:20.523Z
-        created: 2024-05-14T04:12:20.531Z
+        reason: No direct upgrade path available
+        expires: 2025-01-01T00:12:20.523Z
+        created: 2024-11-08T10:22:20.531Z
 patch: {}
 exclude:
   code: