Commit 129de06

szakarias authored and Tony Sansone committed
Add reference documentation for 'ignored_advisories' in the pubspec (dart-lang#5487)
1 parent a289ba6 commit 129de06

1 file changed

+23
-1
lines changed

src/tools/pub/pubspec.md

@@ -96,7 +96,7 @@ A pubspec can have the following fields:
9696

9797
`ignored_advisories`
9898
: Optional. List of ignored security advisories.
99-
[_Learn more._](/tools/pub/security-advisories)
99+
[_Learn more._](#ignored_advisories)
100100

101101
Pub ignores all other fields.
102102

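Review bot: The new link target `#ignored_advisories` on the `[_Learn more._]` line only resolves if the heading added further down in this commit, `### Ignored_advisories`, renders with exactly that id. Heading slug generation differs between renderers in how it treats capitals and underscores, so check the generated anchor in a local build, or give the heading an explicit id so the link does not depend on slug rules.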
@@ -449,6 +449,28 @@ Pub.dev requires topics to follow these specifications:
449449
When choosing topics, consider if [existing topics]({{site.pub}}/topics)
450450
are relevant. Tagging with existing topics helps users discover your package.
451451

452+
### Ignored_advisories
453+
454+
If a package has a dependency that is affected by a security advisory,
455+
pub warns about the advisory during dependency resolution.
456+
Package authors can use the `ignored_advisories` field as an allowlist
457+
of triggered advisories that are not relevant for the package.
458+
459+
To suppress the warning about an advisory,
460+
add the advisory identifier to the `ignored_advisories` list.
461+
For example:
462+
463+
```yaml
464+
name: myapp
465+
dependencies:
466+
foo: ^1.0.0
467+
ignored_advisories:
468+
- GHSA-4rgh-jx4f-qfcq
469+
```
470+
471+
For more information, check out
472+
[Security advisories](/tools/pub/security-advisories).
473+
452474
### SDK constraints
453475

454476
A package can indicate which versions of its dependencies it supports, but
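Review bot: The new section does not say how far a suppression reaches or what counts as a valid entry, even though each entry silences a security warning. The text says package authors can list advisories "that are not relevant for the package", but it leaves open whether the list applies only when resolving this package itself or also when other packages depend on it, and the example shows only a `GHSA-...` identifier without saying whether other identifier forms are accepted. A sentence on each would help, along with a suggestion to note next to the entry why the advisory does not apply, since YAML comments are available. Separately, the heading `### Ignored_advisories` capitalizes a field name that is written in lowercase everywhere else in the hunk; consider matching the field spelling.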