dependencies: allowlist CVE-2020-7768 to prevent false positives. (#1…

…4239) This only appears to affect Javascript gRPC. cve_scan.py runs cleanly after adding this. Signed-off-by: Harvey Tuch <[email protected]>
envoyproxy · Dec 2, 2020 · 20171dd · 20171dd
1 parent 20bd8f7
commit 20171dd
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
@@ -37,6 +37,8 @@
     # Node.js issue rooted in a c-ares bug. Does not appear to affect
     # http-parser or our use of c-ares, c-ares has been bumped regardless.
     'CVE-2020-8277',
+    # gRPC issue that only affects Javascript bindings.
+    'CVE-2020-7768',
 ])
 
 # Subset of CVE fields that are useful below.