From 1adaae3ead7afb0ce6efed72535539623d71de17 Mon Sep 17 00:00:00 2001 From: Phil Date: Sun, 18 Feb 2024 13:04:09 -0800 Subject: [PATCH] Revert "Nack CVE-2023-42282 in npm and related packages." (#1519) --- lerna.advisories.yaml | 5 ----- node-gyp.advisories.yaml | 5 ----- npm.advisories.yaml | 5 ----- pnpm-stage0.advisories.yaml | 5 ----- renovate.advisories.yaml | 5 ----- sqlpad.advisories.yaml | 5 ----- 6 files changed, 30 deletions(-) diff --git a/lerna.advisories.yaml b/lerna.advisories.yaml index 713d622b99..bb0d0f8e9b 100644 --- a/lerna.advisories.yaml +++ b/lerna.advisories.yaml @@ -29,8 +29,3 @@ advisories: componentType: npm componentLocation: /usr/local/lib/node_modules/lerna/node_modules/ip/package.json scanner: grype - - timestamp: 2024-02-18T15:59:08Z - type: false-positive-determination - data: - type: vulnerable-code-version-not-used - note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD. diff --git a/node-gyp.advisories.yaml b/node-gyp.advisories.yaml index ce05f4c6db..96c6cb2097 100644 --- a/node-gyp.advisories.yaml +++ b/node-gyp.advisories.yaml @@ -20,8 +20,3 @@ advisories: componentType: npm componentLocation: /usr/lib/node_modules/node-gyp/node_modules/ip/package.json scanner: grype - - timestamp: 2024-02-18T15:59:30Z - type: false-positive-determination - data: - type: vulnerable-code-version-not-used - note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD. diff --git a/npm.advisories.yaml b/npm.advisories.yaml index e0b35b3dd2..a7c08c1994 100644 --- a/npm.advisories.yaml +++ b/npm.advisories.yaml @@ -24,8 +24,3 @@ advisories: type: pending-upstream-fix data: note: Upstream fixes are actively being attempted, such as in https://github.com/indutny/node-ip/pull/138, and once a solution is accepted we should incorporate that into this package. - - timestamp: 2024-02-18T15:58:43Z - type: false-positive-determination - data: - type: vulnerable-code-version-not-used - note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD. diff --git a/pnpm-stage0.advisories.yaml b/pnpm-stage0.advisories.yaml index 8bc18e2c45..8a677bfafb 100644 --- a/pnpm-stage0.advisories.yaml +++ b/pnpm-stage0.advisories.yaml @@ -20,8 +20,3 @@ advisories: componentType: npm componentLocation: /usr/lib/node_modules/pnpm/dist/node_modules/ip/package.json scanner: grype - - timestamp: 2024-02-18T15:59:51Z - type: false-positive-determination - data: - type: vulnerable-code-version-not-used - note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD. diff --git a/renovate.advisories.yaml b/renovate.advisories.yaml index 05ea7f8766..d280e06d37 100644 --- a/renovate.advisories.yaml +++ b/renovate.advisories.yaml @@ -24,8 +24,3 @@ advisories: type: fixed data: fixed-version: 37.186.1-r0 - - timestamp: 2024-02-18T16:00:09Z - type: false-positive-determination - data: - type: vulnerable-code-version-not-used - note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD. diff --git a/sqlpad.advisories.yaml b/sqlpad.advisories.yaml index d6275a5619..12cc9a9957 100644 --- a/sqlpad.advisories.yaml +++ b/sqlpad.advisories.yaml @@ -20,8 +20,3 @@ advisories: componentType: npm componentLocation: /usr/bin/sqlpad-server/node_modules/ip/package.json scanner: grype - - timestamp: 2024-02-18T16:00:25Z - type: false-positive-determination - data: - type: vulnerable-code-version-not-used - note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD.