pad.pub0.org/.github/workflows/dependency-review.yml

# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v3
chore(deps): Included dependency review > Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests. > The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, > and warns you about the associated security vulnerabilities. > This gives you better visibility of what's changing in a pull request, > and helps prevent vulnerabilities being added to your repository. https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement 2022-05-03 01:00:25 +00:00			`# Dependency Review Action`
			`#`
			`# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.`
			`#`
			`# Source repository: https://github.com/actions/dependency-review-action`
			`# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement`
			`name: 'Dependency Review'`
			`on: [pull_request]`

			`permissions:`
			`contents: read`

			`jobs:`
			`dependency-review:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: 'Checkout Repository'`
			`uses: actions/checkout@v3`
			`- name: 'Dependency Review'`
build(deps): bump actions/dependency-review-action from 1 to 3 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/v1...v3) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2023-06-20 15:58:21 +00:00			`uses: actions/dependency-review-action@v3`