Skip to content

Dependency Review #95430

Dependency Review

Dependency Review #95430

name: Dependency Review
on:
pull_request:
merge_group:
jobs:
dependency-review:
uses: gravitational/shared-workflows/.github/workflows/dependency-review.yaml@main
permissions:
contents: read
pull-requests: write
with:
base-ref: ${{ github.event.pull_request.base.sha || 'master' }}
# 'GHSA-6xf3-5hp7-xqqg' is a false positive. That's an old Teleport Vuln,
# but because of the replace, the dependency cannot find the correct
# Teleport version.
allow-ghsas: 'GHSA-6xf3-5hp7-xqqg'
# IronRDP uses MIT/Apache-2.0 but slashes are not recognized by dependency review action
allow-dependencies-licenses: >-
pkg:cargo/ironrdp-core,
pkg:cargo/ironrdp-async,
pkg:cargo/ironrdp-connector,
pkg:cargo/ironrdp-pdu,
pkg:cargo/ironrdp-session,
pkg:cargo/ironrdp-svc,
pkg:cargo/ironrdp-tokio,
pkg:cargo/asn1-rs,
pkg:cargo/asn1-rs-derive,
pkg:cargo/asn1-rs-impl,
pkg:cargo/curve25519-dalek-derive,
pkg:cargo/der-parser,
pkg:cargo/icu_collections,
pkg:cargo/icu_locid,
pkg:cargo/icu_locid_transform,
pkg:cargo/icu_locid_transform_data,
pkg:cargo/icu_normalizer,
pkg:cargo/icu_normalizer_data,
pkg:cargo/icu_properties,
pkg:cargo/icu_properties_data,
pkg:cargo/icu_provider,
pkg:cargo/icu_provider_macros,
pkg:cargo/litemap,
pkg:cargo/ring,
pkg:cargo/sspi,
pkg:cargo/tokio-boring,
pkg:cargo/tokio-rustls,
pkg:cargo/writeable,
pkg:cargo/yoke,
pkg:cargo/yoke-derive,
pkg:cargo/zerofrom,
pkg:cargo/zerofrom-derive,
pkg:cargo/zerovec,
pkg:cargo/zerovec-derive,
pkg:npm/prettier