diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
new file mode 100644
index 0000000..99deb0e
--- /dev/null
+++ b/.github/dependency-review-config.yml
@@ -0,0 +1,7 @@
+fail-on-severity: 'high'
+allow-ghsas:
+  # dependency review does not allow specific file exclusions
+  # we use an older version of NextJS in our tests and thus need to 
+  # exclude this
+  # once our minimum supported version is over 14.1.1 this can be removed
+  - GHSA-fr5h-rqp8-mj6g