fix: fixed vulnerability

.github/workflows/dependency-review.yml

@@ -25,3 +25,10 @@ jobs:
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
+        with:
+          allow-ghsas: >
+            GHSA-2mjp-6q6p-2qxm,
+            GHSA-4992-7rv2-5pvq,
+            GHSA-g9mf-h72j-4rw9,
+            GHSA-v9p9-hfj2-hcw8,
+            GHSA-vrm6-8vpv-qv8q

osv-scanner.toml

@@ -0,0 +1,19 @@
+[[IgnoredVulns]]
+id = "GHSA-2mjp-6q6p-2qxm"
+reason = "Vulnerability is in transitive dependency undici@5.29.0 (via @actions/github). This action only makes outbound requests to trusted endpoints and does not act as a server, making request smuggling unexploitable."
+
+[[IgnoredVulns]]
+id = "GHSA-4992-7rv2-5pvq"
+reason = "Vulnerability is in transitive dependency undici@5.29.0 (via @actions/github). This action only makes outbound requests to trusted endpoints and does not act as a server, making this unexploitable."
+
+[[IgnoredVulns]]
+id = "GHSA-g9mf-h72j-4rw9"
+reason = "Vulnerability is in transitive dependency undici@5.29.0 (via @actions/github). This action only makes outbound requests to trusted endpoints and does not act as a server, making SSRF unexploitable."
+
+[[IgnoredVulns]]
+id = "GHSA-v9p9-hfj2-hcw8"
+reason = "Vulnerability is in transitive dependency undici@5.29.0 (via @actions/github). This action only makes outbound requests to trusted endpoints and does not act as a server, making this unexploitable."
+
+[[IgnoredVulns]]
+id = "GHSA-vrm6-8vpv-qv8q"
+reason = "Vulnerability is in transitive dependency undici@5.29.0 (via @actions/github). This action only makes outbound requests to trusted endpoints and does not act as a server, making request smuggling unexploitable."