Merge pull request #107 from step-security/fix-Manual-Audit-Fix

some vulns were put to osv-scanner

Author: Raj-StepSecurity

.github/workflows/audit_package.yml

@@ -11,6 +11,11 @@ on:
         description: "Specify package manager (npm or yarn)"
         required: false
         default: "yarn"
+      script:
+        description: "Specify the build script to run"
+        required: false
+        type: string
+        default: "yarn build"        
 
   schedule:
     - cron: "0 0 * * 1"
@@ -21,9 +26,10 @@ jobs:
     with:
       base_branch: ${{ github.event.inputs.base_branch || 'main' }}
       package_manager: "yarn"
+      script: ${{ github.event.inputs.script || 'yarn build' }}
 
 permissions:
   contents: write
   pull-requests: write
   packages: read
-  issues: write
+  issues: write

osv-scanner.toml

@@ -4,4 +4,16 @@ reason = "It is a test dependency"
 
 [[IgnoredVulns]]
 id = "GHSA-vg6x-rcgg-rjx6"
-reason = "It is a test dependency"
+reason = "It is a test dependency"
+
+[[IgnoredVulns]]
+id = "GHSA-h5c3-5r3r-rr8q"
+reason = "Untrusted headers are not processed"
+
+[[IgnoredVulns]]
+id = "GHSA-rmvr-2pp2-xj38"
+reason = "Untrusted headers are not processed"
+
+[[IgnoredVulns]]
+id = "GHSA-xx4v-prfh-6cgc"
+reason = "Untrusted headers are not processed"