mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-17 20:00:23 +00:00
ce26b0e212
It is unclear how a module for utility functions can have the same problem as a separate side-car that is expected to do the input validation. The side-cars have been fixed already, no further details are in the CVE description (from 2019). See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4 Signed-off-by: Niels de Vos <ndevos@ibm.com>
23 lines
421 B
YAML
23 lines
421 B
YAML
---
|
|
name: 'Dependency Review'
|
|
# yamllint disable-line rule:truthy
|
|
on:
|
|
pull_request:
|
|
branches:
|
|
- '*'
|
|
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
dependency-review:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: 'Checkout Repository'
|
|
uses: actions/checkout@v3
|
|
- name: 'Dependency Review'
|
|
uses: actions/dependency-review-action@v3
|
|
with:
|
|
allow-ghsas: GHSA-f4w6-3rh6-6q4q
|