fix: allow known unpatched lodash advisory in dependency review

Copilot · web-flow · commit 8cd6d40f8084 · 2026-06-09T09:42:12.000Z
diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
@@ -12,3 +12,8 @@ comment-summary-in-pr: always
 fail-on-scopes:
   - runtime
   - unknown
+
+# GHSA-r5fr-rjxr-66jc currently has no patched lodash release.
+# This is only introduced transitively via @primer/react -> styled-components.
+allow-ghsas:
+  - GHSA-r5fr-rjxr-66jc
