chore(deps): update all non-major dependencies #380
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Dependency Review' | |
on: [pull_request] | |
permissions: | |
contents: read | |
jobs: | |
dependency-review: | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout Repository' | |
uses: actions/checkout@v4 | |
- name: 'Dependency Review' | |
uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # Version 4.3.3 # https://github.com/actions/dependency-review-action/releases/tag/v4.3.3 | |
# Version 4.3.4 does not work with invalid license names in the config and since that version, | |
# SPDX expression licenses are considered invalid (see: https://github.com/actions/dependency-review-action/issues/792). | |
# In short, remove all SPDX expressions from the config! | |
# | |
# Note that if you have packages that use SPDX expressions, this will report them as invalid, | |
# as support is not yet implemented (see: https://github.com/actions/dependency-review-action/issues/263). | |
# | |
# In that case you need to downgrade to version 4.3.3 where SPDX expressions are handled as exact strings !! | |
# @source https://github.com/actions/dependency-review-action/issues/809#issuecomment-2285930024 | |
with: | |
# Use comma-separated names to pass list arguments: | |
allow-licenses: Apache-2.0,BSD-3-Clause,BSD-2-Clause,MIT,Apache-2.0 AND MIT |