Add dependency review check #1930

Merged: 8 commits, Mar 26, 2024

fredvisser (Contributor) commented Mar 13, 2024

Pull Request

🤨 Rationale

#801 highlighted that our current use of npm audit is brittle. This action should elevate any issues tracked by GitHub to the PR.

πŸ‘©β€πŸ’» Implementation

πŸ§ͺ Testing

This PR only highlights the packages that are changed (the GitHub Actions), but since the GitHub dependency graph sees our other NPM dependencies, I expect this will evaluate package.json issues when a PR has those changes in it.

I could add known bad issues to this PR to validate, or we could just submit this and validate over time.

✅ Checklist

  • I have updated the project documentation to reflect my changes or determined no changes are needed.

github-actions bot commented Mar 18, 2024

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Manifest Files

.github/workflows/dependency-review.yml
  • actions/checkout@4.*.*
  • actions/dependency-review-action@4.*.*

@fredvisser fredvisser marked this pull request as ready for review March 20, 2024 18:18
@rajsite rajsite merged commit 95fa45b into main Mar 26, 2024
13 checks passed
@rajsite rajsite deleted the users-fvisser-dependency-review-action branch March 26, 2024 14:34