From 0c644d6265d4340f185712cd088f289571cb2934 Mon Sep 17 00:00:00 2001
From: Dan J Miller <danjm.com@gmail.com>
Date: Tue, 10 Sep 2024 12:02:21 -0230
Subject: [PATCH] Cherry pick 9405bc1 (#27034)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/27034?quickstart=1)

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
---
 .yarnrc.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.yarnrc.yml b/.yarnrc.yml
index 252333917781..1522080c0561 100644
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -43,6 +43,16 @@ npmAuditIgnoreAdvisories:
   # not appear to be used.
   - 1092461
 
+  # Issue: path-to-regexp outputs backtracking regular expressions
+  # URL: https://github.com/advisories/GHSA-9wv6-86v2-598j
+  # path-to-regexp is used in react-router v5.1.2, which we use. However, the
+  # vulnerability in path-to-regexp could only be exploited within react-router
+  # if malicious properties were passed to react-router components or methods
+  # explicitly from our code. As such, this vulneratibility cannot be exploited
+  # by an external / malicious actor. Meanwhile, once we update to v6+,
+  # path-to-regexp will no longer be used.
+  - 1099499
+
   # Temp fix for https://github.com/MetaMask/metamask-extension/pull/16920 for the sake of 11.7.1 hotfix
   # This will be removed in this ticket https://github.com/MetaMask/metamask-extension/issues/22299
   - 'ts-custom-error (deprecation)'