pnpm.auditConfig.ignoreCves and vulnerabilities without a CVE #6473
Unanswered
pateljay1397
asked this question in
Q&A
Replies: 1 comment
I too have this question
The https://pnpm.io/package_json#pnpmauditconfigignorecves specifically targets CVEs to ignore in pnpm audit.
Some vulnerabilities, such as GHSA-36jr-mh4h-2g58, show up in pnpm audit but have no assigned CVE. We tried with GHSA but that does not seem to work.
Does anyone know if that's expected, or is this a bug?
If it is not a bug, then what should be the recommended workaround for it (ignore pnpm audit using GHSA)?