[chore] Temporarily suppress CVE for superagent (#448)

EasyPost · Apr 23, 2024 · 942afda · 942afda
1 parent 93737bf
commit 942afda
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 37 deletions.
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -0,0 +1,13 @@
+{
+  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
+  "critical": true, // Only fail the audit if there are critical vulnerabilities.
+  "allowlist": [
+    {
+      "GHSA-8cp3-66vr-3r4c": {
+        "active": true,
+        "expiry": "2024-10-22", // Re-evaluate this vulnerability after this date.
+        "notes": "Transitive dependency of `superagent`, awaiting new `superagent` release." // https://github.com/ladjs/superagent/issues/1799
+      }
+    }
+  ]
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -28,7 +28,7 @@
     "lintFix": "eslint --ext .js,.ts --fix .",
     "prepublishOnly": "npm run clean && npm run build && npm run test && npm run lint && npm run formatCheck",
     "repl": "./repl.js --local easypost.js",
-    "scan": "npx audit-ci -m",
+    "scan": "npx audit-ci -m --config ./audit-ci.jsonc",
     "test": "cross-env NODE_ENV=test mocha --timeout 10000 --require @babel/register --require ./test/helpers/common.js --recursive ./test",
     "watch": "webpack --config webpack.config.babel.js --watch"
   },