ci: allow CVE-2019-11255 in Kubernetes module dependency

It is unclear how a module for utility functions can have the same problem as a separate side-car that is expected to do the input validation. The side-cars have been fixed already, no further details are in the CVE description (from 2019). See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4 Signed-off-by: Niels de Vos <[email protected]>
ceph · Jul 26, 2023 · d41c7c8 · d41c7c8
1 parent 910d852
commit d41c7c8
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
@@ -18,3 +18,5 @@ jobs:
         uses: actions/checkout@v3
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v3
+        with:
+          allow-ghsas: GHSA-f4w6-3rh6-6q4q