# Dependency Review: on pull requests and merge-queue runs, hand off to the
# shared dependency-review reusable workflow, passing this repository's
# allow-lists for advisories and dependency licenses.
name: Dependency Review

on:
  pull_request:
  merge_group:

jobs:
  dependency-review:
    # NOTE(review): `@main` is a mutable branch ref, so whatever is on that
    # branch at run time executes with the token scopes granted below. Pinning
    # the reference to a full commit SHA would make the called workflow
    # immutable and let changes to it be reviewed before they take effect here.
    uses: gravitational/shared-workflows/.github/workflows/dependency-review.yaml@main
    # Token scopes passed to the called workflow; scopes not listed are not
    # granted. `pull-requests: write` is presumably needed to post the review
    # result on the PR - confirm against the shared workflow.
    permissions:
      contents: read
      pull-requests: write
    with:
      # Base commit to diff dependencies against. `merge_group` events carry no
      # `pull_request` payload, so the expression falls back to 'branch/v15'.
      # NOTE(review): the fallback is a hard-coded branch name - confirm it
      # matches the branch this copy of the workflow lives on.
      base-ref: ${{ github.event.pull_request.base.sha || 'branch/v15' }}
      # Advisories excluded from the check.
      # 'GHSA-6xf3-5hp7-xqqg' is a false positive. That's an old Teleport Vuln,
      # but because of the replace, the dependency cannot find the correct
      # Teleport version.
      # NOTE(review): 'GHSA-xwh9-gc39-5298' has no rationale recorded here.
      # Document why it is allowed and when the entry can be removed, so the
      # exemption does not outlive its reason.
      allow-ghsas: 'GHSA-xwh9-gc39-5298,GHSA-6xf3-5hp7-xqqg'
      # Comma-separated package URLs handed to the shared workflow; presumably
      # these crates are exempt from its license check - confirm there. The
      # folded scalar (`>-`) joins the lines with single spaces and drops the
      # trailing newline.
      allow-dependencies-licenses: >-
        pkg:cargo/curve25519-dalek-derive,
        pkg:cargo/ring,
        pkg:cargo/sspi,
        pkg:cargo/tokio-boring,
        pkg:cargo/asn1-rs,
        pkg:cargo/asn1-rs-derive,
        pkg:cargo/asn1-rs-impl,
        pkg:cargo/der-parser