Update known vulnerabilities (#2270)

### Description There is a new vulnerability alert for simple-plist GHSA-gff7-g5r8-mg8m however the issue is not yet resolved from the project. For now ignore the vulnerability to unblock the CI, but we should bump the resolved version of simple-plist once [issue #60](wollardj/simple-plist#60) is resolved. ### Other changes N/A ### Tested N/A ### How others should test N/A ### Related issues N/A ### Backwards compatibility Yes
valora-inc · Mar 30, 2022 · 2e56a31 · 2e56a31
1 parent 54c505f
commit 2e56a31
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
@@ -0,0 +1 @@
+{"type":"auditAdvisory","data":{"resolution":{"id":1067309,"path":"@celo/mobile>react-native>@react-native-community/cli-platform-ios>xcode>simple-plist","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"1.0.0","paths":["@celo/mobile>react-native>@react-native-community/cli-platform-ios>xcode>simple-plist"]}],"metadata":null,"vulnerable_versions":"<=1.3.0","module_name":"simple-plist","severity":"critical","github_advisory_id":"GHSA-gff7-g5r8-mg8m","cves":["CVE-2022-26260"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-03-29T21:44:08.000Z","recommendation":"None","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1067309,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-26260\n- https://github.com/wollardj/simple-plist/issues/60\n- https://github.com/advisories/GHSA-gff7-g5r8-mg8m","created":"2022-03-23T00:00:22.000Z","reported_by":null,"title":"Prototype Pollution in simple-plist","npm_advisory_id":null,"overview":"simple-plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().","url":"https://github.com/advisories/GHSA-gff7-g5r8-mg8m"}}}