Skip to content

Commit

Permalink
ci: allow CVE-2019-11255 in Kubernetes module dependency
Browse files Browse the repository at this point in the history
It is unclear how a module for utility functions can have the same
problem as a separate side-car that is expected to do the input
validation. The side-cars have been fixed already, no further details
are in the CVE description (from 2019).

See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4
Signed-off-by: Niels de Vos <[email protected]>
  • Loading branch information
nixpanic committed Jul 26, 2023
1 parent f13a4e7 commit c7abe6e
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/dependency-review.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,5 @@ jobs:
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
allow-ghsas: GHSA-f4w6-3rh6-6q4q

0 comments on commit c7abe6e

Please sign in to comment.