From a077582a07b0d72699161a8ede42fb9e3c6b7ea6 Mon Sep 17 00:00:00 2001
From: Asra Ali
Date: Tue, 27 Jul 2021 15:55:28 -0400
Subject: [PATCH 1/2] fix false positive CVE scan from node

Signed-off-by: Asra Ali
---
 tools/dependency/cve_scan.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
index 85c4e7a0264df..7a38d7115f000 100755
--- a/tools/dependency/cve_scan.py
+++ b/tools/dependency/cve_scan.py
@@ -61,6 +61,9 @@
 # False positive on the match heuristic, fixed in Curl 7.76.0.
 'CVE-2021-22876',
 'CVE-2021-22890',
+ # Node.js issue unrelated to http-parser.
+ # See https://nvd.nist.gov/vuln/detail/CVE-2021-22921
+ 'CVE-2021-22921',
 ])

 # Subset of CVE fields that are useful below.
From b306685db94825c175f0a43f8f6277a6297772bd Mon Sep 17 00:00:00 2001
From: Asra Ali
Date: Tue, 27 Jul 2021 15:58:38 -0400
Subject: [PATCH 2/2] missed one

Signed-off-by: Asra Ali
---
 tools/dependency/cve_scan.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
index 7a38d7115f000..ddb4663cb10ef 100755
--- a/tools/dependency/cve_scan.py
+++ b/tools/dependency/cve_scan.py
@@ -61,8 +61,10 @@
 # False positive on the match heuristic, fixed in Curl 7.76.0.
 'CVE-2021-22876',
 'CVE-2021-22890',
- # Node.js issue unrelated to http-parser.
+ # Node.js issues unrelated to http-parser.
+ # See https://nvd.nist.gov/vuln/detail/CVE-2021-22918
 # See https://nvd.nist.gov/vuln/detail/CVE-2021-22921
+ 'CVE-2021-22918',
 'CVE-2021-22921',
 ])
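Review bot: The comment on the new ignore entries says the CVEs are "unrelated to http-parser" but not why the scanner matched them or when the entries could be removed, whereas the curl entries just above name the fixing release. Because the entries are bare CVE ids, the suppression presumably applies to every dependency the scanner checks rather than only http-parser, so anyone auditing this list later needs the reason recorded next to the id. I would extend the comment along the lines of `# Node.js issues that the match heuristic attributes to http-parser; the http-parser code itself is not affected.`, and this covers both the `'CVE-2021-22921'` entry from the first patch and the `'CVE-2021-22918'` entry from the second. The ignore list opens above both hunks, so how the ids are consumed is not visible here.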