actions/dependency-review-action
A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs
MIT License, 558 stars, 94 forks
issues
Issue list (format: #number title, then author, status, comment count):

#786 Job Summary Size Limitation aborts the job [BUG] (Shweta4398, opened 4 days ago, 2 comments)
#785 Update README.md (singha04, closed 2 weeks ago, 1 comment)
#784 Bump got from 14.2.0 to 14.4.1 (dependabot[bot], opened 2 weeks ago, 0 comments)
#783 Include all added dependencies in scorecard entries (elireisman, closed 3 weeks ago, 1 comment)
#782 Bump undici from 5.28.3 to 5.28.4 (dependabot[bot], closed 3 weeks ago, 0 comments)
#781 Bump project version to 4.3.3 in prep for a release (elireisman, closed 3 weeks ago, 0 comments)
#780 Why is this not named `dependency-review` (jasonkarns, closed 3 weeks ago, 1 comment)
#779 [BUG] When the report exceeds 64KB pr issue is not created since it exceeds max comment issue (tspascoal, closed 3 weeks ago, 1 comment)
#778 Updates to the contribution guidelines (jonjanego, closed 3 weeks ago, 1 comment)
#777 Create issue templates (jonjanego, closed 3 weeks ago, 1 comment)
#776 fix show-openssf-scorecard-levels input (ramann, closed 3 weeks ago, 1 comment)
#775 `fail-on-severity` should still show lower severity vulnerabilities (mario-campos, opened 3 weeks ago, 0 comments)
#774 Job Summary Size Limitation aborts the job (alagappanu, closed 1 week ago, 2 comments)
#773 PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README (am-stead, closed 4 weeks ago, 1 comment)
#772 Bump got from 14.2.0 to 14.3.0 (dependabot[bot], closed 2 weeks ago, 1 comment)
#771 Add trusty scores (therealnb, closed 3 weeks ago, 6 comments)
#769 Bump zod from 3.22.4 to 3.23.8 (dependabot[bot], opened 1 month ago, 0 comments)
#768 Bump zod from 3.22.4 to 3.23.6 (dependabot[bot], closed 1 month ago, 1 comment)
#767 Fix the max comment length issue (jhutchings1, closed 3 weeks ago, 4 comments)
#766 fix: getRefs function to handle merge_group events (louis-bompart, opened 1 month ago, 4 comments)
#765 Allow slashes in purl package names (juxtin, closed 1 month ago, 1 comment)
#764 Adding a license in 'allow-dependencies-licenses' does not prevent it from being populated in "invalid-license-changes" (sreya, opened 1 month ago, 5 comments)
#763 Error: Purl String argument is required. (Shweta4398, closed 1 month ago, 4 comments)
#762 Update version number to 4.3.2 (juxtin, closed 1 month ago, 0 comments)
#761 Fix package-url parsing for allow-dependencies-licenses (juxtin, closed 1 month ago, 0 comments)
#760 fix: fixed issue with allowed-dependencies-licenses configuration always causing action to fail (jdavis-etdx, closed 2 months ago, 0 comments)
#759 Configuring allow-dependencies-licenses fails the action (jdavis-etdx, closed 1 month ago, 3 comments)
#758 Change version to 4.3.1 (juxtin, closed 2 months ago, 0 comments)
#757 Latest release breaks dependabot (phlax, closed 2 months ago, 3 comments)
#756 Bump zod from 3.22.4 to 3.23.4 (dependabot[bot], closed 1 month ago, 1 comment)
#755 Bump got from 14.2.0 to 14.2.1 (dependabot[bot], closed 1 month ago, 1 comment)
#754 Allow this action to run on branch (writemevm, opened 2 months ago, 4 comments)
#753 Parse purls cautiously in getDeniedChanges (juxtin, closed 2 months ago, 1 comment)
#752 v4.3.0 Causing PURL Processing Errors (watercable76, closed 2 months ago, 6 comments)
#751 Update version to 4.3.0 in preparation for release (juxtin, closed 2 months ago, 2 comments)
#750 Show denied packages with red X (juxtin, closed 2 months ago, 1 comment)
#749 Bump @octokit/plugin-retry from 6.0.1 to 7.1.1 (dependabot[bot], opened 2 months ago, 0 comments)
#748 Fix extra https:// in summary (jhutchings1, closed 2 months ago, 1 comment)
#747 Bump @octokit/request-error from 5.0.1 to 6.1.1 (dependabot[bot], opened 2 months ago, 1 comment)
#746 Conflict between vulnerabilities in scorecard vs check (james-smith-uk, opened 2 months ago, 0 comments)
#745 Bump @octokit/plugin-retry from 6.0.1 to 7.1.0 (dependabot[bot], closed 2 months ago, 2 comments)
#744 Bump typescript from 5.3.3 to 5.4.5 (dependabot[bot], closed 2 months ago, 1 comment)
#743 Question: Is this action limited to revisions on the _default_ branch only? (andreas-borglin, closed 2 months ago, 2 comments)
#742 MIT is an invalid SPDX license identifier? (recurly-bearley, opened 2 months ago, 2 comments)
#741 use the v3 version of the deps.dev API (josieang, closed 1 month ago, 6 comments)
#740 Bump typescript from 5.3.3 to 5.4.4 (dependabot[bot], closed 2 months ago, 1 comment)
#739 Bump @octokit/request-error from 5.0.1 to 6.1.0 (dependabot[bot], closed 2 months ago, 1 comment)
#738 Scorecard table URLs include duplicate https:// (phyrog, closed 2 months ago, 3 comments)
#737 Bump eslint-plugin-github from 4.10.1 to 4.10.2 (dependabot[bot], closed 2 months ago, 0 comments)
#736 error "fetch failed" with v4.2.5 (cpanato, closed 2 weeks ago, 3 comments)