forked from solana-foundation/solana-com
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpnpm-workspace.yaml
More file actions
27 lines (25 loc) · 1.03 KB
/
Copy pathpnpm-workspace.yaml
File metadata and controls
27 lines (25 loc) · 1.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
packages:
- apps/*
- packages/*
catalog:
next: 15.5.18
next-intl: 4.13.0
react: 19.2.6
react-dom: 19.2.6
vitest: 4.1.8
auditConfig:
# Each entry MUST carry a justification (SDLC §3.2.2: "Own the gap").
# Review these whenever a patched upstream release becomes available.
ignoreGhsas:
# @solana/spl-token depends on bigint-buffer and has no patched release.
- GHSA-3gc7-fjrx-p6mg
# thrift <0.23.0 — Uncontrolled Recursion. Reached only via
# @databricks/sql, which pins thrift ^0.16.0; no patched @databricks/sql
# release exists. thrift is a server-side RPC client (never bundled to the
# browser) and only ever parses responses from the trusted Databricks SQL
# backend, so the DoS surface is not externally reachable.
- GHSA-r67j-r569-jrwp
# thrift <=0.22.0 — Path Traversal / HTTP request-response splitting /
# uncontrolled resource consumption. No upstream fix reachable through
# @databricks/sql. Same containment as above: trusted-peer, server-only.
- GHSA-526f-jxpj-jmg2