Ignore Snyk timespan report - https://snyk.io/vuln/npm:timespan:20170907


Transitive dependency pulled in by Forever. Vulnerability does not affect us because it requires a specially-crafted input string and Forever only ever uses input from the system clock.

See:
indexzero/TimeSpan.js#10
https://payments-platform.atlassian.net/browse/PP-2687
DanailMinchev committed Nov 17, 2017
1 parent 5f74bbc commit 3af74ef
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion .snyk
@@ -1,6 +1,11 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.7.0
ignore: {}
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
'npm:timespan:20170907':
- '*':
reason: Transitive dependency pulled in by Forever. Vulnerability does not affect us because it requires a specially-crafted input string and Forever only ever uses input from the system clock. See PP-2687.
expires: 2017-12-20T00:00:00.000Z
# patches apply the minimum changes required to fix a vulnerability
patch:
'npm:ms:20170412':
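Review bot: The `'*'` path key under `'npm:timespan:20170907'` ignores this vulnerability on every dependency path, but the stated reason only justifies the path that comes in through Forever. Scope the entry to that dependency path instead of the wildcard, so that if another package (or our own code) later starts calling timespan with externally supplied strings, Snyk still reports it. The `expires: 2017-12-20T00:00:00.000Z` line keeps the ignore time-limited, which forces a re-check; it would help whoever does that re-check if `reason` also cited the upstream issue from the commit message (indexzero/TimeSpan.js#10) next to PP-2687.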
