Dependency-Review defaults update #53
Conversation
Update dependency-review to also by default include the `master` branch. In addition the minimal severity for failing was raised to moderate.
| @@ -12,6 +12,7 @@ on: | |||
| pull_request: | |||
| branches: | |||
| - main | |||
| - master | |||
There was a problem hiding this comment.
This should be handled on the calling repo, not this repo. Look at how this is called on teleport repo.
There was a problem hiding this comment.
Ok, I was trying to see if we could reduce how many repo's needed the branch definition. If we want it to be defined on the calling repo always should I remove the branches entirely?
| @@ -29,4 +30,5 @@ jobs: | |||
| - name: 'Dependency Review' | |||
| uses: actions/dependency-review-action@11310527b429536e263dc6cc47873e608189ba21 | |||
| with: | |||
| fail-on-severity: moderate | |||
There was a problem hiding this comment.
Do we have cases where we have low severity issues causing problems?
There was a problem hiding this comment.
As best I can tell the teleport repo is the only repo that has this rolled out so far. So no, but I was concerned it may cause some noise as we roll it out. If you want to start stricter I am fine with it, I just wondered if it had been considered.
Co-authored-by: Reed Loden <[email protected]>
Update dependency-review to also by default include the
masterbranch. In addition the minimal severity for failing was raised to moderate.I think this will allow most projects to accept this configuration without modification.