From 587012f94467263755259584b82831f02785af69 Mon Sep 17 00:00:00 2001
From: Raj-StepSecurity
Date: Wed, 8 Apr 2026 19:14:41 +0530
Subject: [PATCH] Create osv-scanner.toml
---
 osv-scanner.toml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 osv-scanner.toml
diff --git a/osv-scanner.toml b/osv-scanner.toml
new file mode 100644
index 0000000..e62e0df
--- /dev/null
+++ b/osv-scanner.toml
@@ -0,0 +1,19 @@
+[[IgnoredVulns]]
+id = "GHSA-g9mf-h72j-4rw9"
+reason = "undici: Fetch API decompression issue; action uses Octokit REST client not fetch()"
+
+[[IgnoredVulns]]
+id = "GHSA-2mjp-6q6p-2qxm"
+reason = "undici: HTTP smuggling requires untrusted intermediary; action only talks to GitHub API"
+
+[[IgnoredVulns]]
+id = "GHSA-vrm6-8vpv-qv8q"
+reason = "undici: WebSocket memory issue; action does not use WebSockets"
+
+[[IgnoredVulns]]
+id = "GHSA-v9p9-hfj2-hcw8"
+reason = "undici: WebSocket client exception; action does not use WebSockets"
+
+[[IgnoredVulns]]
+id = "GHSA-4992-7rv2-5pvq"
+reason = "undici: CRLF injection via upgrade option; not used by @actions/github or @actions/http-client"
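Review bot: None of the five `[[IgnoredVulns]]` entries carries an `ignoreUntil` date, so each suppression is permanent and will silently outlive the undici version and call graph it was assessed against. osv-scanner supports `ignoreUntil = YYYY-MM-DD` (an RFC 3339 local date, not a string) per entry; adding one a release cycle out forces the "not reachable" claim to be re-checked when it expires rather than never. The reasons also rest on an unstated dependency state ("uses Octokit REST client not fetch()", "not used by @actions/github or @actions/http-client"); recording the undici version assessed in each `reason` would let a reader tell whether a later bump of @actions/github invalidates the rationale. The same point applies to all five entries in this hunk.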