Dependency Review #90225

	name: Dependency Review

	on:
	pull_request:
	merge_group:

	jobs:
	dependency-review:
	uses: gravitational/shared-workflows/.github/workflows/dependency-review.yaml@main
	permissions:
	contents: read
	pull-requests: write
	with:
	base-ref: ${{ github.event.pull_request.base.sha \|\| 'branch/v15' }}
	# 'GHSA-6xf3-5hp7-xqqg' is a false positive. That's an old Teleport Vuln,
	# but because of the replace, the dependency cannot find the correct
	# Teleport version.
	allow-ghsas: 'GHSA-xwh9-gc39-5298,GHSA-6xf3-5hp7-xqqg'
	allow-dependencies-licenses: >-
	pkg:cargo/curve25519-dalek-derive,
	pkg:cargo/ring,
	pkg:cargo/sspi,
	pkg:cargo/tokio-boring,
	pkg:cargo/asn1-rs,
	pkg:cargo/asn1-rs-derive,
	pkg:cargo/asn1-rs-impl,
	pkg:cargo/der-parser

Provide feedback