Skip to content

fix: allow array-based identifiers in ignore file#587

Open
MatrixNeoKozak wants to merge 1 commit into
RetireJS:masterfrom
MatrixNeoKozak:fix/improvement-1781796688396
Open

fix: allow array-based identifiers in ignore file#587
MatrixNeoKozak wants to merge 1 commit into
RetireJS:masterfrom
MatrixNeoKozak:fix/improvement-1781796688396

Conversation

@MatrixNeoKozak

Copy link
Copy Markdown

The .retireignore.json schema in node/src/cli.ts was overly restrictive, only allowing single string values for identifiers in the ignore configuration. This prevented users from ignoring vulnerabilities that are identified by arrays (e.g., CVE lists) in the vulnerability repository. This change updates the Zod schema in node/src/cli.ts to support both string and array-of-strings values for identifiers, and updates the hasIdentifier function in node/src/scanner.ts to correctly handle array-based comparisons. This ensures that the ignore logic properly matches vulnerabilities even when multiple identifiers are provided or when the vulnerability repository uses array-based identifiers.

eoftedal
eoftedal previously approved these changes Jun 18, 2026
@MatrixNeoKozak

Copy link
Copy Markdown
Author

Hi! Just checking in to see if there is anything else needed on this PR before it can be merged. Thanks!

@eoftedal

Copy link
Copy Markdown
Member

The repository requires signed commits.

@eoftedal eoftedal dismissed their stale review June 30, 2026 06:01

Need signed commits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants