chore: ignore CVE-2022-0624 - not exploitable in Argo CD (argoproj#10128

) Signed-off-by: CI <[email protected]>
tkasuz · Jul 28, 2022 · e786ff8 · e786ff8
1 parent 57a407e
commit e786ff8
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/.snyk b/.snyk
@@ -28,5 +28,13 @@ ignore:
     - '*':
         reason: >-
           Code is only run client-side. No risk of arbitrary file upload.
+  SNYK-JS-PARSEPATH-2936439:
+    - '*':
+        reason: >-
+          The issue is that, for specific URLs, parse-path may incorrectly identify the "resource" (domain name)
+          portion. For example, in "http://127.0.0.1#@example.com", it identifies "example.com" as the "resource".
+
+          We use parse-path on the client side, but permissions for git URLs are checked server-side. This is a
+          potential usability issue, but it is not a security issue.
 patch: {}