Skip to content

Dependency Review #93235

Dependency Review

Dependency Review #93235

name: Dependency Review
on:
pull_request:
merge_group:
jobs:
dependency-review:
uses: gravitational/shared-workflows/.github/workflows/dependency-review.yaml@main
permissions:
contents: read
pull-requests: write
with:
base-ref: ${{ github.event.pull_request.base.sha || 'master' }}
# 'GHSA-6xf3-5hp7-xqqg' is a false positive. That's an old Teleport Vuln,
# but because of the replace, the dependency cannot find the correct
# Teleport version.
allow-ghsas: 'GHSA-6xf3-5hp7-xqqg'
allow-dependencies-licenses: >-
pkg:cargo/curve25519-dalek-derive,
pkg:cargo/ring,
pkg:cargo/sspi,
pkg:cargo/tokio-boring,
pkg:cargo/tokio-rustls,
pkg:cargo/asn1-rs,
pkg:cargo/asn1-rs-derive,
pkg:cargo/asn1-rs-impl,
pkg:cargo/der-parser