From c7abe6e7c8af469e5ddae513d4ad0cd4d31731a0 Mon Sep 17 00:00:00 2001
From: Niels de Vos
Date: Wed, 26 Jul 2023 08:41:43 +0200
Subject: [PATCH] ci: allow CVE-2019-11255 in Kubernetes module dependency

It is unclear how a module for utility functions can have the same problem as a separate side-car that is expected to do the input validation. The side-cars have been fixed already, no further details are in the CVE description (from 2019).

See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4
Signed-off-by: Niels de Vos
---
 .github/workflows/dependency-review.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
index 28f8f12738a..8d0533c9d2d 100644
--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -18,3 +18,5 @@ jobs:
 uses: actions/checkout@v3
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@v3
+ with:
+ allow-ghsas: GHSA-f4w6-3rh6-6q4q
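Review bot: The added `allow-ghsas: GHSA-f4w6-3rh6-6q4q` has no rationale in the workflow file, so a later reader cannot tell from the file why this advisory is exempted or when to lift the exemption. The option appears to match on advisory ID rather than on a package, so the exception likely also hides the same advisory if another dependency is flagged with it later; a comment above the key would record the scope that was intended, for example `# CVE-2019-11255: flagged on the Kubernetes module dependency, side-cars already fixed; revisit if the advisory is updated`. The `See-also:` URL in the commit message ends in `6q4` while the allowed ID ends in `6q4q`, so the reference that justifies the exception probably does not resolve and is worth correcting. The job's earlier steps lie outside this hunk.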