kastenhq-kubestr/.github/workflows/dependency-review.yaml

# Dependency Review Action
#
# This workflow scans dependency manifest files that change as part of a pull
# reqest, surfacing known-vulnerable versions of the packages declared or
# updated in the PR.
# If the workflow run is marked as required, PRs introducing known-vulnerable
# packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
#
name: 'Dependency Review'
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4
chore(deps): Enable dependabot updates (#114) Enables dependabot updates Add automatic dependency review to avoid vulnerability regressions 2022-07-20 04:31:51 +00:00			`# Dependency Review Action`
			`#`
chore(deps) upgrade various GH actions (#170) * chore(ci): update comment in dependency review action * chore(deps): use commit id for action/setup-go version * deps(gha): upgrade docker/setup-buildx-action to v3.0.0 * deps(gha): upgrade docker/metadata-action to v5.0.0 * deps(gha): upgrade docker/login-action to v3.0.0 * deps(gha): upgrade docker/build-push-action to v5.0.0 * deps(gha): upgrade docker/setup-qemu-action to v3.0.0 Release notes: https://github.com/docker/setup-qemu-action/releases/tag/v3.0.0 * deps(gha): use commit id for dependency-review-action * deps(gha): upgrade goreleaser-action to v5.0.0 Release notes: https://github.com/goreleaser/goreleaser-action/releases/tag/v5.0.0 * deps(gha): use commit id for golangci-lint-action Pin to v3.7.0 Release notes: https://github.com/golangci/golangci-lint-action/releases/tag/v3.7.0 2023-09-14 22:33:53 +00:00			`# This workflow scans dependency manifest files that change as part of a pull`
			`# reqest, surfacing known-vulnerable versions of the packages declared or`
			`# updated in the PR.`
			`# If the workflow run is marked as required, PRs introducing known-vulnerable`
			`# packages will be blocked from merging.`
chore(deps): Enable dependabot updates (#114) Enables dependabot updates Add automatic dependency review to avoid vulnerability regressions 2022-07-20 04:31:51 +00:00			`#`
			`# Source repository: https://github.com/actions/dependency-review-action`
			`# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement`
chore(deps) upgrade various GH actions (#170) * chore(ci): update comment in dependency review action * chore(deps): use commit id for action/setup-go version * deps(gha): upgrade docker/setup-buildx-action to v3.0.0 * deps(gha): upgrade docker/metadata-action to v5.0.0 * deps(gha): upgrade docker/login-action to v3.0.0 * deps(gha): upgrade docker/build-push-action to v5.0.0 * deps(gha): upgrade docker/setup-qemu-action to v3.0.0 Release notes: https://github.com/docker/setup-qemu-action/releases/tag/v3.0.0 * deps(gha): use commit id for dependency-review-action * deps(gha): upgrade goreleaser-action to v5.0.0 Release notes: https://github.com/goreleaser/goreleaser-action/releases/tag/v5.0.0 * deps(gha): use commit id for golangci-lint-action Pin to v3.7.0 Release notes: https://github.com/golangci/golangci-lint-action/releases/tag/v3.7.0 2023-09-14 22:33:53 +00:00			`#`
chore(deps): Enable dependabot updates (#114) Enables dependabot updates Add automatic dependency review to avoid vulnerability regressions 2022-07-20 04:31:51 +00:00			`name: 'Dependency Review'`
			`on: [pull_request]`

			`permissions:`
			`contents: read`

			`jobs:`
			`dependency-review:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: 'Checkout Repository'`
Bump actions/checkout from 4.1.0 to 4.1.1 (#186) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-10-26 05:06:29 +00:00			`uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`
chore(deps): Enable dependabot updates (#114) Enables dependabot updates Add automatic dependency review to avoid vulnerability regressions 2022-07-20 04:31:51 +00:00			`- name: 'Dependency Review'`
Bump actions/dependency-review-action from 3.1.3 to 3.1.4 (#196) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/7bbfa034e752445ea40215fff1c3bf9597993d3f...01bc87099ba56df1e897b6874784491ea6309bc4) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-12-05 02:31:18 +00:00			`uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4`