Files
santifer--career-ops/.github/workflows/dependency-review.yml
T
wehub-resource-sync d083df1fdb
CodeQL Analysis / Analyze (javascript-typescript) (push) Failing after 2s
Web CI / web typecheck + build (push) Failing after 1s
Release Please / release-please (push) Failing after 1s
CodeQL Analysis / Analyze (go) (push) Failing after 16s
chore: import upstream snapshot with attribution
2026-07-13 12:02:43 +08:00

27 lines
776 B
YAML

name: Dependency Review
on:
pull_request:
branches: [main]
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v7
- name: Dependency Review
# TODO: remove continue-on-error once the Dependency graph is enabled in
# Settings > Security & Analysis (see #343). Until then, this is a temporary
# workaround to unblock PRs — note that fail-on-severity: high is still
# configured but will not block merges while continue-on-error is true.
continue-on-error: true
uses: actions/dependency-review-action@v5.0.0
with:
fail-on-severity: high
comment-summary-in-pr: always