Skip to content

Commit

Permalink
ci: allow CVE-2019-11255 in Kubernetes module dependency
Browse files Browse the repository at this point in the history
It is unclear how a module for utility functions can have the same
problem as a separate side-car that is expected to do the input
validation. The side-cars have been fixed already, no further details
are in the CVE description (from 2019).

See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4
Signed-off-by: Niels de Vos <ndevos@ibm.com>
  • Loading branch information
nixpanic committed Jul 26, 2023
1 parent 910d852 commit 3c4ecbe
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/dependency-review.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,5 @@ jobs:
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
allow-ghas: CVE-2019-11255

0 comments on commit 3c4ecbe

Please sign in to comment.