Skip to content

feat(audit): add ability to ignore Github Security Advisory#8483

Merged
zkochan merged 4 commits intopnpm:mainfrom
IanKrieger:feat/add-ability-to-ignore-ghsa
Sep 1, 2024
Merged

feat(audit): add ability to ignore Github Security Advisory#8483
zkochan merged 4 commits intopnpm:mainfrom
IanKrieger:feat/add-ability-to-ignore-ghsa

Conversation

@IanKrieger
Copy link
Contributor

@IanKrieger IanKrieger commented Aug 30, 2024
edited
Loading

Resolves #6838

Adds ignoreGhsas config option so that you can also target a Github Security Advisory to be ignored

  auditConfig: {
    ignoreGhsas: [
      'GHSA-42xw-2xvc-qx8m',
      'GHSA-4w2v-q235-vp99',
      'GHSA-cph5-m8f7-6c5x',
      'GHSA-vh95-rmgr-6w4m',
    ],
  },

@IanKrieger IanKrieger requested a review from zkochan as a code owner August 30, 2024 01:19
@IanKrieger IanKrieger mentioned this pull request Aug 30, 2024
Merged
zkochan
zkochan reviewed Aug 31, 2024
View reviewed changes
Copy link
Member

@zkochan zkochan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add changesets

pnpm/src/main.ts Outdated
Comment on lines +77 to +80
// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
deprecationMsg += ` ${chalk.yellow(`Deprecated option: '${unknownOptionsArray[0]}'`)}`
} else {
// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
Copy link
Member

@zkochan zkochan Aug 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why were this comments added? This file wasn't modified.

Copy link
Contributor Author

@IanKrieger IanKrieger Aug 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pre-commit hooks kept failing on these lines specifically, even though I did not touch them. I added the ignore so I could push the PR.

Copy link
Member

@zkochan zkochan Aug 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, well you should fix the warning then. Not ignore it. Maybe something like

deprecationMsg += ` ${chalk.yellow(`Deprecated option: '${unknownOptionsArray[0] as string}'`)}`

Copy link
Contributor Author

@IanKrieger IanKrieger Aug 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, done

@IanKrieger IanKrieger requested a review from zkochan August 31, 2024 18:56
@zkochan
Copy link
Member

zkochan commented Aug 31, 2024

please, add changesets as described in contributing.md

@zkochan zkochan merged commit d500d9f into pnpm:main Sep 1, 2024
@welcome
Copy link

welcome bot commented Sep 1, 2024

Congrats on merging your first pull request! 🎉🎉🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zkochan zkochan zkochan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature request: Support ignoring of GHSAs

2 participants

@IanKrieger @zkochan