Files
json/.github/workflows/dependency-review.yml
T
Niels Lohmann 272411c5e6 Overwork project infrastructure (#5218)
* 📝 overwork project infrastructure

Signed-off-by: Niels Lohmann <mail@nlohmann.me>

* 🐛 fix GCC16 issue

Signed-off-by: Niels Lohmann <mail@nlohmann.me>

* 🐛 fix GCC16 issue

Signed-off-by: Niels Lohmann <mail@nlohmann.me>

* 🐛 only build module for GCC

Signed-off-by: Niels Lohmann <mail@nlohmann.me>

* 🐛 fix build

Signed-off-by: Niels Lohmann <mail@nlohmann.me>

* 📝 fix documentation

Closes #5012: fix the error_handler_t::ignore wording

Signed-off-by: Niels Lohmann <mail@nlohmann.me>

* 📝 fix documentation

Closes #4354: fix "Custom data source" example

Signed-off-by: Niels Lohmann <mail@nlohmann.me>

---------

Signed-off-by: Niels Lohmann <mail@nlohmann.me>
2026-06-30 18:09:06 +02:00

30 lines
1021 B
YAML

# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required,
# PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit
- name: 'Checkout Repository'
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: 'Dependency Review'
uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0