diff --git a/audit-ci.jsonc b/audit-ci.jsonc
index e00f4a2f..79636a73 100644
--- a/audit-ci.jsonc
+++ b/audit-ci.jsonc
@@ -73,6 +73,8 @@
     // Valid ECDSA signatures erroneously rejected in Elliptic
     "GHSA-fc9h-whq2-v747",
     // secp256k1-node allows private key extraction over ECDH
-    "GHSA-584q-6j8j-r5pm"
+    "GHSA-584q-6j8j-r5pm",
+    // Regular Expression Denial of Service (ReDoS) in cross-spawn
+    "GHSA-3xgq-45jj-v275"
   ]
 }
diff --git a/scripts/boldUpgradeCommon.ts b/scripts/boldUpgradeCommon.ts
index 3d984569..a9c538a5 100644
--- a/scripts/boldUpgradeCommon.ts
+++ b/scripts/boldUpgradeCommon.ts
@@ -95,10 +95,6 @@ export const validateConfig = async (
   config: Config,
   l1Rpc: providers.Provider
 ) => {
-  // check all the config.contracts exist
-  // if ((await l1Rpc.getCode(config.contracts.excessStakeReceiver)).length <= 2) {
-  //   throw new Error('excessStakeReceiver address is not a contract')
-  // }
   if ((await l1Rpc.getCode(config.contracts.rollup)).length <= 2) {
     throw new Error('rollup address is not a contract')
   }
diff --git a/scripts/executeBoldUpgrade.ts b/scripts/executeBoldUpgrade.ts
index 7eb09efc..41e2c64e 100644
--- a/scripts/executeBoldUpgrade.ts
+++ b/scripts/executeBoldUpgrade.ts
@@ -112,7 +112,7 @@ async function perform(
     timelockSigner
   )
 
-  // // what validators did we have in the old rollup?
+  // what validators did we have in the old rollup?
   const boldActionPerformData = boldAction.interface.encodeFunctionData(
     'perform',
     [config.validators]