diff --git a/lib/workers/repository/init/vulnerability.spec.ts b/lib/workers/repository/init/vulnerability.spec.ts
index 55857bc4b63c770caba9739689be61d9088c7f96..8df0d3365272277ac75796fe3f879e5ae49c707e 100644
--- a/lib/workers/repository/init/vulnerability.spec.ts
+++ b/lib/workers/repository/init/vulnerability.spec.ts
@@ -62,6 +62,21 @@ describe(getName(), () => {
             vulnerableVersionRange: '>= 1.8, < 1.8.3',
           },
         },
+        {
+          // this will be ignored
+          dismissReason: null,
+          vulnerableManifestFilename: 'package-lock.json',
+          vulnerableManifestPath: 'backend/package-lock.json',
+          securityAdvisory: {
+            references: [],
+            severity: null,
+          },
+          securityVulnerability: {
+            package: { ecosystem: 'NPM', name: 'yargs-parser' },
+            vulnerableVersionRange: '>5.0.0-security.0',
+          },
+          vulnerableRequirements: '= 5.0.1',
+        },
         {
           dismissReason: 'some reason',
           vulnerableManifestFilename: 'package-lock.json',
diff --git a/lib/workers/repository/init/vulnerability.ts b/lib/workers/repository/init/vulnerability.ts
index dfab167a797433dfcd74f1d3cf08b807955cd5a0..a69adec448b1f42f1ccf3e5c804c88c505c00a7a 100644
--- a/lib/workers/repository/init/vulnerability.ts
+++ b/lib/workers/repository/init/vulnerability.ts
@@ -67,6 +67,13 @@ export async function detectVulnerabilityAlerts(
     };
     const combinedAlerts: CombinedAlert = {};
     for (const alert of alerts) {
+      if (
+        alert.securityVulnerability?.package?.name === 'yargs-parser' &&
+        (alert.vulnerableRequirements === '= 5.0.0-security.0' ||
+          alert.vulnerableRequirements === '= 5.0.1')
+      ) {
+        continue; // eslint-disable-line no-continue
+      }
       try {
         if (alert.dismissReason) {
           continue; // eslint-disable-line no-continue
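Review bot: The new fixture only exercises the `= 5.0.1` value of the skip condition; the `= 5.0.0-security.0` value that the implementation also ignores has no fixture, so a regression in that half of the check would go unnoticed. A second fixture identical apart from `vulnerableRequirements: '= 5.0.0-security.0',` would cover both. The comment `// this will be ignored` would be more useful if it said why, e.g. `// ignored: yargs-parser placeholder release, see the skip in vulnerability.ts`. The enclosing describe/it block starts and ends outside the hunk.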
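Review bot: The new `if` at the top of the `for` loop silently discards security alerts for one package and two exact versions with no comment saying why, so a later reader cannot tell whether the workaround is still needed or safe to remove; add a comment above it such as `// Skip yargs-parser alerts for the 5.0.0-security.0 / 5.0.1 releases: <reason and upstream issue link>`. Because the branch suppresses a vulnerability alert, a debug-level log naming the skipped alert (if the module's logger is in scope there) would keep the suppression observable rather than invisible. The two version strings and the package name are inline literals; a module-level `const IGNORED_YARGS_PARSER_REQUIREMENTS = new Set(['= 5.0.0-security.0', '= 5.0.1']);` checked with `.has(alert.vulnerableRequirements)` would keep them in one place and make the list easy to extend or retire. detectVulnerabilityAlerts continues outside the hunk.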