Merge pull request #55 from step-security/Raj-StepSecurity-patch-3

Raj-StepSecurity · web-flow · commit f7359926a154 · 2025-10-14T10:25:18.000+05:30
fix: test vulnerable deps moved to osv scanner
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -55,7 +55,7 @@ jobs:
     timeout-minutes: 10
     strategy:
       matrix:
-        os: [ubuntu-20.04, ubuntu-22.04, ubuntu-latest, macos-latest]
+        os: [ubuntu-22.04, ubuntu-latest, macos-latest]
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
diff --git a/osv-scanner.toml b/osv-scanner.toml
@@ -12,4 +12,12 @@ reason = "Untrusted headers are not processed"
 
 [[IgnoredVulns]]
 id = "GHSA-67mh-4wv8-2f99"
-reason = "It is a a test dependency"
+reason = "It is a a test dependency"
+
+[[IgnoredVulns]]
+id = "GHSA-g4jq-h2w9-997c"
+reason = "It is only used for testing"
+
+[[IgnoredVulns]]
+id = "GHSA-jqfw-vq24-v9c3"
+reason = "It is only used for testing"
