From 1a213549e62b9655b09939f57082aa67230913d4 Mon Sep 17 00:00:00 2001
From: mdtro <20070360+mdtro@users.noreply.github.com>
Date: Thu, 17 Oct 2024 13:30:17 -0500
Subject: [PATCH] custom dependency review config
---
.github/dependency-review-config.yml | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 .github/dependency-review-config.yml
diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
new file mode 100644
index 0000000..99deb0e
--- /dev/null
+++ b/.github/dependency-review-config.yml
@@ -0,0 +1,7 @@
+fail-on-severity: 'high'
+allow-ghsas:
+ # dependency review does not allow specific file exclusions
+ # we use an older version of NextJS in our tests and thus need to
+ # exclude this
+ # once our minimum supported version is over 14.1.1 this can be removed
+ - GHSA-fr5h-rqp8-mj6g
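Review bot: The `allow-ghsas` entry suppresses GHSA-fr5h-rqp8-mj6g for every manifest in the repository, not only the test fixtures the comment mentions, so a runtime dependency on an affected NextJS version would also pass the check. Because the exception cannot be scoped by path, the comment should state that explicitly and reference a tracking item so the removal condition is not forgotten, e.g. `# NOTE: applies repo-wide, not only to tests; removal tracked in <ISSUE-LINK-PLACEHOLDER>`. This patch only adds the file and the workflow is not visible here, so confirm the dependency review step points at it through its `config-file` input; otherwise these settings presumably have no effect.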