We've added a new configuration option:
allow-ghsas: Specify a list of various GitHub Advisory IDs you want the action to skip and not fail on.
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v2
with:
allow-ghsas: 'GHSA-abcd-1234-5679, GHSA-efgh-1234-5679'