mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-09 16:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
f371aa2677
ceph-csi/.github/workflows/dependency-review.yaml
Niels de Vos ce26b0e212 ci: allow CVE-2019-11255 in Kubernetes module dependency 
It is unclear how a module for utility functions can have the same
problem as a separate side-car that is expected to do the input
validation. The side-cars have been fixed already, no further details
are in the CVE description (from 2019).

See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-07-26 13:34:23 +00:00

23 lines
421 B
YAML
Raw Blame History

---
name: 'Dependency Review'
# yamllint disable-line rule:truthy
on:
pull_request:
branches:
- '*'
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
allow-ghsas: GHSA-f4w6-3rh6-6q4q
Reference in New Issue View Git Blame Copy Permalink