From 7f027c6ec2f38101a539979e84547f9a2e953a86 Mon Sep 17 00:00:00 2001
From: Chris Farhood
Date: Wed, 6 May 2026 13:16:51 +0000
Subject: [PATCH] chore(ci): add audit-ci config path for allowlist support

Add --config ./audit-ci.jsonc to audit-ci step so plugin repos can provide their own allowlist for inherited @kinvolk/headlamp-plugin dev-dependency CVEs (CTO decision PRI-854).

Co-Authored-By: Paperclip
---
 .github/workflows/plugin-ci.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/plugin-ci.yaml b/.github/workflows/plugin-ci.yaml
index f01b7b3..e8d013f 100644
--- a/.github/workflows/plugin-ci.yaml
+++ b/.github/workflows/plugin-ci.yaml
@@ -173,7 +173,7 @@ jobs:
 - name: Security audit
 run: |
 if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
- npx audit-ci --pnpm --audit-level=high
+ npx audit-ci --pnpm --audit-level=high --config ./audit-ci.jsonc
 else
- npx audit-ci --npm --audit-level=high
+ npx audit-ci --npm --audit-level=high --config ./audit-ci.jsonc
 fi
\ No newline at end of file
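Review bot: Both new `npx audit-ci` lines pass `--config ./audit-ci.jsonc` unconditionally, so a plugin repo that has no such file will presumably fail the Security audit step rather than run with the defaults; nothing in the hunk checks that the file exists. A guard such as `cfg=""; [ -f ./audit-ci.jsonc ] && cfg="--config ./audit-ci.jsonc"` ahead of the `if`, with `$cfg` appended to both commands, would keep the allowlist opt-in. The file also lives in the repository being audited and, as far as I know, an audit-ci config can set more than `allowlist` (severity thresholds, `skip-dev`), so an edit to it can loosen the gate in the same pull request that introduces a vulnerable dependency. Requiring code-owner review on `audit-ci.jsonc`, and a comment with the reason and a revisit date on each allowlisted advisory, would keep the exceptions visible. The job this step belongs to starts outside the hunk, so whether an earlier step provides the file cannot be seen here.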