From 2ce59f6954a1f63173ae980e17ab28d5e254d5da Mon Sep 17 00:00:00 2001 From: naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Sun, 5 Jun 2022 13:06:49 +0000 Subject: [PATCH 1/3] chore(deps): Included dependency review > Dependency Review GitHub Action in your repository to enforce dependency > reviews on your pull requests. > The action scans for vulnerable versions of dependencies introduced by package version > changes in pull requests, > and warns you about the associated security vulnerabilities. > This gives you better visibility of what's changing in a pull request, > and helps prevent vulnerabilities being added to your repository. https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> --- .github/workflows/depsreview.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/workflows/depsreview.yaml diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml new file mode 100644 index 0000000000..f2605b7a7e --- /dev/null +++ b/.github/workflows/depsreview.yaml @@ -0,0 +1,14 @@ +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: 'Checkout Repository' + uses: actions/checkout@v3 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v1 From 9a81b797449308890d79bf6d654a10bb0f042ff4 Mon Sep 17 00:00:00 2001 From: Karsten Hassel Date: Fri, 28 Oct 2022 21:02:38 +0200 Subject: [PATCH 2/3] updated dependency-review-action to v2 --- .github/workflows/depsreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml index f2605b7a7e..a25de591ba 100644 --- a/.github/workflows/depsreview.yaml +++ b/.github/workflows/depsreview.yaml @@ -11,4 +11,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@v3 - name: 'Dependency Review' - uses: actions/dependency-review-action@v1 + uses: actions/dependency-review-action@v2 From 8059aab8bb8aea603318044f36fb9c0f984f1af7 Mon Sep 17 00:00:00 2001 From: Karsten Hassel Date: Fri, 28 Oct 2022 21:06:51 +0200 Subject: [PATCH 3/3] run prettier --- .github/workflows/depsreview.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml index a25de591ba..745f4c5eee 100644 --- a/.github/workflows/depsreview.yaml +++ b/.github/workflows/depsreview.yaml @@ -1,4 +1,4 @@ -name: 'Dependency Review' +name: "Dependency Review" on: [pull_request] permissions: @@ -8,7 +8,7 @@ jobs: dependency-review: runs-on: ubuntu-latest steps: - - name: 'Checkout Repository' + - name: "Checkout Repository" uses: actions/checkout@v3 - - name: 'Dependency Review' + - name: "Dependency Review" uses: actions/dependency-review-action@v2