diff --git a/audit-ci.jsonc b/audit-ci.jsonc
index 8a81bf0d..c730cffa 100644
--- a/audit-ci.jsonc
+++ b/audit-ci.jsonc
@@ -72,11 +72,6 @@
 // https://github.com/cryptocoinjs/secp256k1-node/commit/dc37f41f2abfe87853b54bcd7d1b556db41b0c64#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R35
 // from: @arbitrum/token-bridge-contracts > @openzeppelin/upgrades-core > ethereumjs-util > ethereum-cryptography
 "GHSA-584q-6j8j-r5pm",
- // https://github.com/advisories/GHSA-fc9h-whq2-v747
- // Valid ECDSA signatures erroneously rejected in Elliptic
- // from: @arbitrum/token-bridge-contracts > @openzeppelin/upgrades-core > ethereumjs-util > ethereum-cryptography > secp256k1
- // from: ethers > @ethersproject/signing-key
- "GHSA-fc9h-whq2-v747",
 // https://github.com/advisories/GHSA-3xgq-45jj-v275
 // cross-spawn command injection vulnerability
 // Only used during development via audit-ci, nyc, and patch-package
@@ -101,12 +96,16 @@
 // https://github.com/advisories/GHSA-xcj6-pq6g-qj4x
 // the vite dev server (when exposed to the network with --host) can return contents of arbitrary files
 //
+ // https://github.com/advisories/GHSA-859w-5945-r5v3
+ // the vite dev server (when exposed to the network with --host) can return contents of arbitrary files
+ //
 // vite is only used with vitest for running tests, and without exposing the dev server to the network
 //
 // from: vitest>vite
 // from: vitest>vite-node>vite
 "GHSA-4r4m-qw57-chr8",
 "GHSA-356w-63v5-8wf4",
- "GHSA-xcj6-pq6g-qj4x"
+ "GHSA-xcj6-pq6g-qj4x",
+ "GHSA-859w-5945-r5v3"
 ]
 }
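Review bot: The description line added for GHSA-859w-5945-r5v3 in the second hunk is a verbatim copy of the GHSA-xcj6-pq6g-qj4x comment above it, so the allowlist no longer records what this advisory is on its own and anyone re-auditing the exemptions later cannot tell the two entries apart. Replace that second line with the advisory's own title from the linked page (it appears to be a distinct `server.fs` bypass variant, presumably with its own fixed version range), e.g. `// <advisory title from https://github.com/advisories/GHSA-859w-5945-r5v3>` rather than the copied text. The shared justification that vite is only reached through vitest and never exposed with `--host` is reasonable, but it holds only while vite is not also a direct dependency or used by any other script, which this file cannot show — confirm against the lockfile before adding a fourth vite exemption. If the pinned audit-ci version supports object-form allowlist entries with an `expiry`, consider using one here so the exemption is revisited once vitest pulls in a patched vite instead of accumulating indefinitely.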