actions/dependency-review-action
A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs
MIT License
610 stars
107 forks
issues
Prepare for 4.5.0 release
#851
Ahmed3lmallah
closed
1 day ago
0
Overriding the cross-spawn dependency to use a safe version
#850
Ahmed3lmallah
closed
2 days ago
0
Bump @vercel/ncc from 0.38.1 to 0.38.3
#849
dependabot[bot]
closed
3 days ago
0
feat: Github fallback for empty PURL for license exclusion
#848
jscaltreto
opened
2 weeks ago
3
Bump nodemon from 3.1.0 to 3.1.7
#847
dependabot[bot]
closed
3 days ago
0
Fix for merge_group event bug
#846
Ahmed3lmallah
closed
3 weeks ago
0
Bump @vercel/ncc from 0.38.1 to 0.38.2
#845
dependabot[bot]
closed
4 days ago
3
Bump got from 14.4.2 to 14.4.3
#844
dependabot[bot]
closed
3 weeks ago
0
[BUG] merge_group trigger fails due to different event structure
#843
ebickle
closed
3 weeks ago
2
[BUG] Incompatible licenses in actions/setup-python
#842
mryzhov
closed
1 week ago
2
[BUG] Action fails in merge queue with v4.3.5
#841
kylebjordahl
closed
3 weeks ago
4
Bump eslint-plugin-jest and ts-jest
#840
Ahmed3lmallah
closed
1 month ago
0
[BUG] mypy 1.12 problems determining license
#839
emlowe
opened
1 month ago
1
Bump eslint-plugin-jest from 27.9.0 to 28.8.3
#836
dependabot[bot]
closed
1 month ago
1
Different configuration per package type?
#834
steve-gore-snapdocs
opened
1 month ago
0
Bump @octokit/request-error from 5.0.1 to 6.1.5
#833
dependabot[bot]
opened
1 month ago
1
Update stale.yaml
#832
jonjanego
closed
1 month ago
0
Bump @octokit/plugin-retry from 6.0.1 to 7.1.2
#831
dependabot[bot]
opened
2 months ago
0
[BUG] Dependency Review reports the Vulnerability which we are updating.
#830
Shweta4398
opened
2 months ago
0
Upgrade transitive micromatch library
#829
elireisman
closed
2 months ago
0
Do not list changed dependencies in summary
#828
hmaurer
closed
2 months ago
0
fix: add summary comment on failure when warn-only: true
#827
ebickle
closed
1 day ago
3
Can it work with normal push instead of just pull request?
#826
umeshnebhani733
opened
2 months ago
1
Add option for commit status check
#825
ebickle
opened
2 months ago
0
[BUG] warn-only set and job fails when having a vulnerability
#824
dolorsfg
opened
2 months ago
0
Show patched version of dependency in the dependency review summary
#823
virangdoshi
opened
2 months ago
1
Bump got from 14.4.1 to 14.4.2
#822
dependabot[bot]
closed
1 month ago
0
Bump ts-jest from 29.1.2 to 29.2.5
#821
dependabot[bot]
closed
1 month ago
1
[BUG] Dependency Review gets stuck if forked.
#820
Shweta4398
opened
3 months ago
1
Bump @typescript-eslint/eslint-plugin from 6.21.0 to 8.2.0
#819
dependabot[bot]
closed
3 months ago
1
[BUG] unexpected addition of `AND NOASSERTION` to license when updating pywin32-ctypes
#818
altendky
opened
3 months ago
3
Add comment when warn-only: true and comment-summary-in-pr: on-failure
#817
ebickle
closed
1 day ago
7
Bump @typescript-eslint/eslint-plugin from 6.21.0 to 8.1.0
#816
dependabot[bot]
closed
3 months ago
2
Bump @types/node from 20.11.28 to 20.16.0
#815
dependabot[bot]
closed
3 months ago
0
[BUG] Error "fetch failed" when using proxy
#814
lindeberg
opened
3 months ago
4
Print `Dependency Changes` in PR comment
#813
wzieba
opened
3 months ago
0
[BUG] `allow-dependencies-licenses` not respected after changing from `==` to `>=` with Python
#812
altendky
opened
3 months ago
0
Bump @typescript-eslint/eslint-plugin from 6.21.0 to 8.0.1
#811
dependabot[bot]
closed
3 months ago
1
Bump @types/node from 20.11.28 to 20.14.15
#810
dependabot[bot]
closed
3 months ago
1
Packages being flagged incorrectly with invalid SPDX license definitions
#809
shubhashish-certa
opened
3 months ago
6
Report of existing Branch
#808
wortkotze
opened
3 months ago
0
Bump @typescript-eslint/eslint-plugin from 6.21.0 to 8.0.0
#807
dependabot[bot]
closed
3 months ago
1
Bump @types/node from 20.11.28 to 20.14.14
#806
dependabot[bot]
closed
3 months ago
1
Support for GHES
#805
x3dfxjunkie
opened
3 months ago
0
Duplicate
#804
felickz
closed
3 months ago
0
Bump @types/node from 20.11.28 to 20.14.13
#802
dependabot[bot]
closed
3 months ago
1
[BUG] Listing too many allow-dependencies-licenses makes the summary output unreadable
#801
jtomkiew-mng
opened
4 months ago
0
Bump @types/node from 20.11.28 to 20.14.11
#800
dependabot[bot]
closed
3 months ago
1
[BUG] Action Is Now Unable To Parse NPM pURL Without a Namespace
#799
AlexWilson-GIS
closed
4 months ago
8
Bump @octokit/request-error from 5.0.1 to 6.1.4
#797
dependabot[bot]
closed
1 month ago
1