ci: bump the actions-all group with 2 updates #7
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependency Review | |
| on: | |
| pull_request: | |
| jobs: | |
| dependency-review: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Dependency review | |
| continue-on-error: true | |
| uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 | |
| with: | |
| # MPL-2.0 is safe only as a transitive dependency — do not vendor or | |
| # fork MPL-licensed source without re-evaluating the obligations. | |
| allow-licenses: Apache-2.0, MIT, ISC, BSD-2-Clause, BSD-3-Clause, CC0-1.0, Unlicense, 0BSD, Python-2.0, MPL-2.0 | |
| - name: Dependency review not supported notice | |
| if: ${{ failure() }} | |
| run: | | |
| echo "Dependency review is not supported for this repository configuration." | |
| echo "Proceeding without blocking CI." |