Cannot add an exclusion list for advisories with the GitHub URL
Closed this issue ยท 7 comments
WARNING: One or more excluded audit advisories were missing from yarn audit output: 1693,1695
Probably as advisories now come from GitHub? https://github.com/advisories/GHSA-4943-9vgg-gr5r
But it doesn't allow me to use the GHSA
identifier and neither the URL.
Is there a workaround to add these to an exclusion list?
According to this article there should be a redirect on npmjs advisories pointing to GitHub - which at present it doesn't seem to be working.
Redirects work again. This is no longer an issue.
I think it might still be valuable to support the github advisories as well?
@pavlakis how did you get the corresponding npmjs url? When I run this package now it only spits out GitHub advisory urls, although I can see yarn audit
using npmjs urls that redirect to GitHub like you said
@firefox0102 it stopped complaining at some point and I left it alone.
But unfortunately today the errors started coming through. So back to square one until the GH advisories are added to the exclusion list.
I opened a PR to poke around at supporting both the npmjs urls and the new GHSA urls
#27
Same issue, I'm waiting for the merge of the PR ๐