ci: fix dep review

across-protocol · Nov 8, 2024 · cc83e77 · cc83e77
1 parent 2befc7f
commit cc83e77
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
@@ -16,6 +16,8 @@ jobs:
         with:
           fail-on-severity: high
           # Comma-separated list of GHSA IDs to allow.
-          # We allow @openzeppelin/[email protected] critical vulnerabilities
+          # We allow the following critical vulnerabilities
           # because they are not exploitable in our usage of the package.
-          allow-ghsas: GHSA-fg47-3c2x-m2wr, GHSA-88g8-f5mf-f5rj, GHSA-3h5v-q93c-6h6q
+          # - @openzeppelin/[email protected]
+          # - @openzeppelin/[email protected]
+          allow-ghsas: GHSA-fg47-3c2x-m2wr, GHSA-88g8-f5mf-f5rj, GHSA-3h5v-q93c-6h6q, GHSA-qh9x-gcfh-pcrw, GHSA-4g63-c64m-25w9, GHSA-xrc4-737v-9q75, GHSA-4h98-2769-gh6h, GHSA-4h98-2769-gh6h