Commit 2176cdb

Merge pull request #15 from step-security/fix-vulns
chore: Add ignored vulnerabilities to osv-scanner configuration
2 parents e3acb9e + 8afbc32 commit 2176cdb

1 file changed

Lines changed: 7 additions & 0 deletions

osv-scanner.toml

@@ -0,0 +1,7 @@
1+
[[IgnoredVulns]]
2+
id = "GHSA-g9mf-h72j-4rw9"
3+
reason = "undici - Low risk; requires malicious GitHub API response; action only calls trusted GitHub endpoints"
4+
5+
[[IgnoredVulns]]
6+
id = "GHSA-2mjp-6q6p-2qxm"
7+
reason = "undici - Low risk; requires proxy misconfiguration; action runs in GitHub-hosted environment"
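
Review bot: Both `[[IgnoredVulns]]` entries (GHSA-g9mf-h72j-4rw9 and GHSA-2mjp-6q6p-2qxm) are suppressed without an `ignoreUntil` date, so the ignores never expire and osv-scanner stays silent on these undici advisories even if the action's network usage changes later. Suggest adding an `ignoreUntil` expiry to each entry so the justification is re-reviewed on a schedule, and tracking the undici upgrade that would make the entries unnecessary. The second reason also rests on "action runs in GitHub-hosted environment", which is an assumption about the caller rather than something this file enforces: the same action can be run on a self-hosted runner behind a proxy, so the reason should state that limitation or the ignore should be dropped once a fixed undici is pulled in.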
