From ad8d87f47dc45f936f2a2f8672504dd510229a13 Mon Sep 17 00:00:00 2001
From: Yavor Ivanov
Date: Mon, 3 Jul 2023 14:58:48 +0300
Subject: [PATCH] [INTERNAL] Disable security audit warning for legacy semver (#844)
---
 audit-ci.jsonc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
index 5051acbe40..8452c4c9f9 100644
--- a/audit-ci.jsonc
+++ b/audit-ci.jsonc
@@ -18,6 +18,13 @@
 // "cacheable-request" has a dependency to "http-cache-semantics" (GHSA-rc47-6667-2j5j) which is
 // why it is considered as high severity. Not applicable as described above for GHSA-rc47-6667-2j5j.
- "GHSA-8x6c-cv3v-vp6g"
+ "GHSA-8x6c-cv3v-vp6g",
+
+ // "semver" vulnerable to Regular Expression Denial of Service.
+ // "semver" is a dependency of "make-dir" that's only used in v2 branch. As we have decided to
+ // deprecate the v2 branch and encourage people to migrate their projects to v3, we are not
+ // considering fix for this.
+ "GHSA-c2qf-rxjj-qqgw|make-dir>semver>",
+ "GHSA-c2qf-rxjj-qqgw|*>make-dir>semver>*"
 ]
 }
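Review bot: The comment added above the two `GHSA-c2qf-rxjj-qqgw` entries justifies the suppression by the v2 deprecation decision, not by exposure, so a later reader cannot tell whether the ReDoS is actually reachable. If, as seems likely, `make-dir` only hands `semver` the runtime's own version string, say so, e.g. `// make-dir only compares process.version via semver; no untrusted version or range string reaches it (confirm).` A removal condition would also keep the entry from outliving its reason, e.g. `// Remove when make-dir is dropped or updated to a release without the affected semver.` Separately, the trailing `>` in `make-dir>semver>` and the `>*` suffix in the wildcard entry look unusual for a path that ends at the vulnerable package. It is worth checking both against the path strings audit-ci actually reports, so that each entry matches exactly the intended dependency chain and nothing broader.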