Skip to content

[2.8] Add dependency review workflow #35

New issue
New issue
Closed
Closed
[2.8] Add dependency review workflow#35
Labels
enhancementNew feature or improvementowner:agentAgent can complete autonomouslypriority:highHigh prioritystatus:planningTask is in planning
Milestone
v2.0 — Workflows
@vbonk

Description

@vbonk
vbonk
opened on Mar 13, 2026

What needs to be done

Create .github/workflows/dependency-review.yml using actions/dependency-review-action (SHA-pinned). Runs on PRs, flags new dependencies with known vulnerabilities.

Acceptance Criteria

  • Workflow exists with fail-on-severity: moderate
  • Comments summary on PR
  • SHA-pinned action

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or improvementowner:agentAgent can complete autonomouslypriority:highHigh prioritystatus:planningTask is in planning

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions