mirror of https://gitlab.com/curben/blog
40 lines
1.5 KiB
Plaintext
40 lines
1.5 KiB
Plaintext
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
|
|
version: v1.13.5
|
|
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
|
|
ignore:
|
|
SNYK-JS-LODASHMERGE-173732:
|
|
- hexo > cheerio > lodash.merge:
|
|
reason: >-
|
|
Patch to be released in lodash@4.17.12. Tracking this PR for release:
|
|
https://github.com/lodash/lodash/pull/4337
|
|
expires: '2019-08-01T00:00:00.000Z'
|
|
SNYK-JS-LODASHMERGE-173733:
|
|
- hexo > cheerio > lodash.merge:
|
|
reason: >-
|
|
Patch to be released in lodash@4.17.12. Tracking this PR for release:
|
|
https://github.com/lodash/lodash/pull/4337
|
|
expires: '2019-08-01T00:00:00.000Z'
|
|
SNYK-JS-SETVALUE-450213:
|
|
# snapdragon > base > cache-base > set-value
|
|
- '*':
|
|
reason: Patch/update unavailable
|
|
expires: '2019-12-31T00:00:00.000Z'
|
|
SNYK-JS-MIXINDEEP-450212:
|
|
# snapdragon > base > mixin-deep
|
|
- '*':
|
|
reason: Patch/update unavailable
|
|
expires: '2019-12-31T00:00:00.000Z'
|
|
SNYK-JS-LODASH-450202:
|
|
- '*':
|
|
reason: >-
|
|
Patch to be released in lodash@4.17.12. Tracking this PR for release:
|
|
https://github.com/lodash/lodash/pull/4336
|
|
expires: '2019-08-01T00:00:00.000Z'
|
|
SNYK-JS-MARKED-451341:
|
|
- '*':
|
|
reason: >-
|
|
Patch is released in marked@0.7.0. Tracking this PR for release:
|
|
https://github.com/hexojs/hexo-renderer-marked/pull/102
|
|
expires: '2019-08-01T00:00:00.000Z'
|
|
patch: {}
|