From c52012f7a567edacb6611a9aca33204cf365e53b Mon Sep 17 00:00:00 2001
From: Michael Dawson
Date: Tue, 8 Mar 2022 17:46:58 -0500
Subject: [PATCH] test: exclude vulnerability that is ok to ignore
- requires https://github.com/nodeshift/npcheck/pull/133 to land in order to take effect
Signed-off-by: Michael Dawson
---
 npcheck.json | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/npcheck.json b/npcheck.json
index 773b9717..77f955f8 100644
--- a/npcheck.json
+++ b/npcheck.json
@@ -225,5 +225,14 @@
 "note-1" : "ibmcloud-appid, @ibm-cloud/cloudant, opossum, ibm_db are Red Hat/IBM modules that would need broader usage before being considered for CITGM",
 "note-2" : "cldr-localenames-full does not have tests as it is a data delivery module and therefore does not beong in CITGM",
 "skip": ["ibmcloud-appid", "@ibm-cloud/cloudant", "opossum", "ibm_db", "cldr-localenames-full"]
+ },
+ "audit": {
+ "allow": {
+ "CVE-2022-0235": [{
+ "note": ["opencollective uses an old version of node-fetch. opencollective is used to ask for funding and the reported vulnerability is not a concern in that module"],
+ "name": "node-fetch",
+ "effects": ["opencollective"]
+ }]
+ }
 }
 }
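Review bot: The new `audit.allow` entry for CVE-2022-0235 silences the finding without recording why the node-fetch flaw is unreachable from opencollective or when the exception should be revisited; its `note` only asserts that it is "not a concern". The note should carry the reason and a removal condition, e.g. `"note": ["<reason the vulnerable node-fetch code path is not reachable via opencollective>; remove once opencollective updates node-fetch"]`. How npcheck matches these entries is defined in the npcheck change the commit message refers to, not on this page, so it is worth confirming that `effects` limits the exception to node-fetch pulled in through opencollective. If matching is by `name` alone, the same CVE reached through any other module would be suppressed as well. The enclosing top-level object opens outside the hunk.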