Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

chore: Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup

Download Browse

[CVE-2023-2972][0] is reported due to the usage of `@antfu/utils` in the dependency trees of the `unplugin-vue2-script-setup` lib. Tuleap does not appear to be affected by the issue: * Vulnerability concerns `deepMerge` of `@antfu/utils` * `unplugin-vue2-script-setup` does not use `deepMerge` of `@antfu/utils` * Tuleap only uses `unplugin-vue2-script-setup` in tests context Closes request #32282: Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup [0]: https://osv.dev/vulnerability/GHSA-p2fh-2h23-6grg Change-Id: I8123aedca35c7c02f4bd709a34b9969ed11785c8

+5 −0
Nicolas Terray (nterray) 2023-06-05 10:31
Nicolas Terray (nterray) 2023-06-05 10:31
d2f6139629fc7fcd055873052c9b7db8ab384753
9144182d06ec2d9c8417e9a342755bf2714ea2eb
git #tuleap/stable/d2f6139629fc7fcd055873052c9b7db8ab384753

Modified Files

Side by side diff
Inline diff
Name
M tools/utils/osv-scanner/config.toml +5 −0 Go to diff View file