Commit 0dbc251

Merge pull request #16 from step-security/fix-vulns
chore: Add additional ignored vulnerabilities to osv-scanner configuration
2 parents 2176cdb + 82bcf40 commit 0dbc251

1 file changed

Lines changed: 12 additions & 0 deletions

osv-scanner.toml

@@ -5,3 +5,15 @@ reason = "undici - Low risk; requires malicious GitHub API response; action only
55
[[IgnoredVulns]]
66
id = "GHSA-2mjp-6q6p-2qxm"
77
reason = "undici - Low risk; requires proxy misconfiguration; action runs in GitHub-hosted environment"
8+
9+
[[IgnoredVulns]]
10+
id = "GHSA-vrm6-8vpv-qv8q"
11+
reason = "undici - Not exploitable; WebSocket functionality not used by this action"
12+
13+
[[IgnoredVulns]]
14+
id = "GHSA-v9p9-hfj2-hcw8"
15+
reason = "undici - Not exploitable; WebSocket functionality not used by this action"
16+
17+
[[IgnoredVulns]]
18+
id = "GHSA-4992-7rv2-5pvq"
19+
reason = "undici - Not exploitable; upgrade option not used by this action"
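
Review bot: None of the three added `[[IgnoredVulns]]` entries (GHSA-vrm6-8vpv-qv8q, GHSA-v9p9-hfj2-hcw8, GHSA-4992-7rv2-5pvq) sets an `ignoreUntil` date, so these undici advisories stay suppressed indefinitely, including after any later change that starts using WebSocket or the upgrade option. Add an `ignoreUntil` to each entry so the scanner forces a re-review, and extend each `reason` with how non-use was verified, since "not used by this action" is a reachability claim that goes stale as the code and its dependencies change. With the undici ignores accumulating in this file, it is also worth recording in the reason why upgrading undici is not done instead.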
