Commit 01f6180 1 parent 8e74b08
1 file changed: +23 -1 lines changed
@@ -96,7 +96,7 @@ A pubspec can have the following fields:
96
96
97
97
` ignored_advisories `
98
98
: Optional. List of ignored security advisories.
99
- [ _ Learn more._ ] ( /tools/pub/security-advisories )
99
+ [ _ Learn more._ ] ( #ignored_advisories )
100
100
101
101
Pub ignores all other fields.
102
102
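Review bot: the new link target `#ignored_advisories` on the changed line 99 resolves only if the heading added later in this commit, `Ignored_advisories`, is given exactly that id. The heading is capitalised and contains an underscore, so confirm in a built preview that the generated id is `ignored_advisories`, or give the heading an explicit id so the fragment cannot silently break. The direct link to /tools/pub/security-advisories remains reachable from the closing paragraph of the new section, so nothing is lost by the retarget.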
@@ -449,6 +449,28 @@ Pub.dev requires topics to follow these specifications:
449
449
When choosing topics, consider if [existing topics]({{site.pub}}/topics)
450
450
are relevant. Tagging with existing topics helps users discover your package.
451
451
452
+ # ## Ignored_advisories
453
+
454
+ If a package has a dependency that is affected by a security advisory,
455
+ pub warns about the advisory during dependency resolution.
456
+ Package authors can use the `ignored_advisories` field as an allowlist
457
+ of triggered advisories that are not relevant for the package.
458
+
459
+ To suppress the warning about an advisory,
460
+ add the advisory identifier to the `ignored_advisories` list.
461
+ For example :
462
+
463
+ ` ` ` yaml
464
+ name: myapp
465
+ dependencies:
466
+ foo: ^1.0.0
467
+ ignored_advisories:
468
+ - GHSA-4rgh-jx4f-qfcq
469
+ ` ` `
470
+
471
+ For more information, check out
472
+ [Security advisories](/tools/pub/security-advisories).
473
+
452
474
# ## SDK constraints
453
475
454
476
A package can indicate which versions of its dependencies it supports, but
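Review bot: the example at new lines 467-468 suppresses `GHSA-4rgh-jx4f-qfcq` with no recorded reason, and the prose at 456-460 talks about suppressing the warning without saying that only the warning goes away. Suggest one sentence stating that an id should be listed only after checking that the advisory does not apply to how the package uses the dependency, and a YAML comment beside the id in the example that records why it is ignored. The section also does not state whether the list is honoured only in the pubspec of the package being resolved or also when it appears in a dependency's pubspec; say which. Minor: the heading `Ignored_advisories` differs in style from the neighbouring `SDK constraints`; if it is renamed, keep the `#ignored_advisories` link at line 99 in sync.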