chore: add GHSA-5c6j-r48x-rmvq to .iyarc exclusions

yashvanthbl137-crypto · yashvanthbl137-crypto · commit 6f15a3e87dbd · 2026-03-03T00:29:50.000+05:30
Ticket: CGARD-518
diff --git a/.iyarc b/.iyarc
@@ -43,3 +43,9 @@ GHSA-7r86-cg39-jmmj
 # - Only affects dev-time tooling, not production code
 # - Mitigated by controlled inputs (our own build scripts, not user-provided patterns)
 GHSA-23c5-xmqv-rm74
+
+# Excluded because:
+# - Transitive devDependency through mocha, terser-webpack-plugin, copy-webpack-plugin
+# - serialize-javascript RCE via malicious RegExp.flags and Date.prototype.toISOString()
+# - Only affects dev-time tooling, not production code
+GHSA-5c6j-r48x-rmvq
