Ignore yarn audit warning for GHSA-9wv6-86v2-598j

MetaMask · Sep 10, 2024 · 3e010c4 · 3e010c4
1 parent 9f8651c
commit 3e010c4
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/.yarnrc.yml b/.yarnrc.yml
@@ -43,6 +43,16 @@ npmAuditIgnoreAdvisories:
   # not appear to be used.
   - 1092461
 
+  # Issue: path-to-regexp outputs backtracking regular expressions
+  # URL: https://github.com/advisories/GHSA-9wv6-86v2-598j
+  # path-to-regexp is used in react-router v5.1.2, which we use. However, the
+  # vulnerability in path-to-regexp could only be exploited within react-router
+  # if malicious properties were passed to react-router components or methods
+  # explicitly from our code. As such, this vulneratibility cannot be exploited
+  # by an external / malicious actor. Meanwhile, once we update to v6+,
+  # path-to-regexp will no longer be used.
+  - 1099499
+
   # Temp fix for https://github.com/MetaMask/metamask-extension/pull/16920 for the sake of 11.7.1 hotfix
   # This will be removed in this ticket https://github.com/MetaMask/metamask-extension/issues/22299
   - 'ts-custom-error (deprecation)'