Closed jeffpaul closed 2 years ago
Added - Dependency security scanning.
Description of the Change
Adds a dependency review action that scans all PRs for introducing insecure dependencies and will block merge of those PRs until the insecure item is resolved. Will help protect us from accidentally introducing insecure code into our projects. More details on this official GitHub Action here: https://github.blog/changelog/2022-04-06-github-action-for-dependency-review-enforcement/.
Alternate Designs
Don't have this and just... 🤞🏼?
Possible Drawbacks
none identified
Verification Process
Already verified as working in https://github.com/10up/distributor/pull/869, merely replicating that change in this repo.
Checklist:
Changelog Entry
Credits
Props @jeffpaul.
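For reference, a minimal workflow of the kind this PR describes, written here as an added example and not copied from this repository or from the Distributor PR. The file path, workflow name, job name and version tags are assumptions.

```yaml
# .github/workflows/dependency-review.yml  (assumed path)
name: Dependency Review

# Run on every pull request so newly introduced dependencies are
# compared against the base branch before merge.
on: [pull_request]

# Least privilege: the job only needs to read repository contents.
permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Dependency review
        uses: actions/dependency-review-action@v4
        with:
          # Fail the check when the PR adds a dependency with a known
          # vulnerability at or above this severity.
          # Allowed values: low, moderate, high, critical.
          fail-on-severity: low
```

A failing run only marks the check as failed; to actually block merging, the `dependency-review` check has to be set as a required status check in the branch protection rules.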