From cd8cbdfc9434ec352eb0ae3d90de6f8b743eccd6 Mon Sep 17 00:00:00 2001
From: mdtro <20070360+mdtro@users.noreply.github.com>
Date: Tue, 23 Jul 2024 16:50:58 -0500
Subject: [PATCH 1/3] ci: dependency review action

---
 .github/workflows/dependency-review.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 .github/workflows/dependency-review.yml

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 000000000000..24510de818ed
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,19 @@
+name: 'Dependency Review'
+on:
+  pull_request:
+    branches: ['master']
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Dependency Review
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+        with:
+          # Possible values: "critical", "high", "moderate", "low"
+          fail-on-severity: high

From 2351c9c3260ccab62e34a65bb49cdc90c36d5804 Mon Sep 17 00:00:00 2001
From: mdtro <20070360+mdtro@users.noreply.github.com>
Date: Thu, 17 Oct 2024 13:33:09 -0500
Subject: [PATCH 2/3] custom dependency review config

---
 .github/dependency-review-config.yml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .github/dependency-review-config.yml

diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
new file mode 100644
index 000000000000..99deb0e2677c
--- /dev/null
+++ b/.github/dependency-review-config.yml
@@ -0,0 +1,7 @@
+fail-on-severity: 'high'
+allow-ghsas:
+  # dependency review does not allow specific file exclusions
+  # we use an older version of NextJS in our tests and thus need to
+  # exclude this
+  # once our minimum supported version is over 14.1.1 this can be removed
+  - GHSA-fr5h-rqp8-mj6g
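Review bot: The `allow-ghsas` entry on the last line of the config hunk suppresses GHSA-fr5h-rqp8-mj6g for every manifest in the repository on every pull request, not only for the test fixtures the comment describes, so a non-test dependency drifting into the affected Next.js range would no longer fail the check. The comment should state that scope explicitly, e.g. `# NOTE: repo-wide suppression, also covers non-test manifests; re-check when the Next.js minimum is raised above 14.1.1`. If the affected package is only a development dependency, the action's `fail-on-scopes: runtime` input may be a narrower alternative, though that depends on the ecosystem reporting scopes correctly and on what else the check is meant to cover. This file only takes effect if the org-level workflow referenced in PATCH 3/3 passes it through the action's `config-file` input, which cannot be verified from this series.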
From 848c37f1de9a4bace7d23b5e3ecc3c70349d2ea5 Mon Sep 17 00:00:00 2001
From: mdtro <20070360+mdtro@users.noreply.github.com>
Date: Thu, 17 Oct 2024 13:34:11 -0500
Subject: [PATCH 3/3] remove dependency-review workflow, we use the org-level one

---
 .github/workflows/dependency-review.yml | 19 -------------------
 1 file changed, 19 deletions(-)
 delete mode 100644 .github/workflows/dependency-review.yml

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
deleted file mode 100644
index 24510de818ed..000000000000
--- a/.github/workflows/dependency-review.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: 'Dependency Review'
-on:
-  pull_request:
-    branches: ['master']
-
-permissions:
-  contents: read
-
-jobs:
-  dependency-review:
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout Repository'
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Dependency Review
-        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
-        with:
-          # Possible values: "critical", "high", "moderate", "low"
-          fail-on-severity: high