Temporarily ignore lodash prototype pollution (#904)

mozilla · Jul 3, 2019 · b1a4542 · b1a4542
1 parent 26f7091
commit b1a4542
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/.snyk b/.snyk
@@ -14,4 +14,8 @@ ignore:
     - '*':
         reason: We use http-proxy-middleware in development only and react-scripts does not accept user input to trigger an exploit
         expires: 2019-10-31T00:00:00.000Z
+  SNYK-JS-LODASH-450202:
+    - '*':
+        reason: While developers / XPIs do have the ability to inject JSON into our system, nothing that depends on this exact version of lodash is handling incoming JSON data
+        expires: 2019-08-01T00:00:00.000Z
 patch: {}