actions / dependency-review-action

A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs
MIT License
558 stars, 94 forks

Configuring allow-dependencies-licenses fails the action #759

Closed jdavis-etdx closed 2 months ago

jdavis-etdx commented 2 months ago

The following change made in #753 now causes the action to fail when the allow-dependencies-licenses configuration is used, with the following error: Error: Invalid purl(s) in allow-dependencies-licenses:... This logic indicates that if the error property for an object in the list is null, it is added to the invalid_purls list, which throws an exception if this list has at least one item. The correct logic should be to only add an item to the list if the error property contains a value.

https://github.com/actions/dependency-review-action/blob/e58c696e52cac8e62d61cc21fda89565d71505d7/src/config.ts#L235-L243
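The inverted check the report describes, shown as an added example rather than the action's own code: a stand-in `parsePurl` that returns an `error` of `null` on success, the filter that treats `null` as invalid (the reported behaviour), and the corrected filter that only flags entries whose `error` is set. The `PurlResult` shape, the simplified purl regex and the function names here are assumptions for illustration, not the project's API.

```typescript
// Added example, not code from dependency-review-action. The parser is a
// simplified stand-in: it accepts "pkg:<type>/<name>[@version]" only.
interface PurlResult {
  original: string
  error: string | null // null means the purl parsed cleanly (assumed shape)
}

export function parsePurl(purl: string): PurlResult {
  const ok = /^pkg:[a-z][a-z0-9.+-]*\/[^@\s]+(@[^\s]+)?$/i.test(purl)
  return { original: purl, error: ok ? null : `invalid purl: ${purl}` }
}

// Behaviour as reported: a null error is treated as "invalid", so every
// well-formed purl in allow-dependencies-licenses ends up in invalid_purls.
export function invalidPurlsBuggy(purls: string[]): string[] {
  return purls
    .map(parsePurl)
    .filter(r => r.error === null)
    .map(r => r.original)
}

// Corrected: only entries whose error property carries a value are invalid.
export function invalidPurlsFixed(purls: string[]): string[] {
  return purls
    .map(parsePurl)
    .filter(r => r.error !== null)
    .map(r => r.original)
}

// Throws with the message wording quoted in the report when any purl is bad.
export function validateAllowDependenciesLicenses(purls: string[]): void {
  const invalid = invalidPurlsFixed(purls)
  if (invalid.length > 0) {
    throw new Error(
      `Invalid purl(s) in allow-dependencies-licenses: ${invalid.join(', ')}`
    )
  }
}

// Constructed sample input: two valid purls and one malformed entry.
export const SAMPLE_VALID = ['pkg:npm/lodash@4.17.21', 'pkg:pypi/requests']
export const SAMPLE_BAD = 'not-a-purl'
```

With `SAMPLE_VALID`, the buggy filter returns both valid purls as "invalid" and the action fails on a correct configuration; the fixed filter returns an empty list, and only the malformed `SAMPLE_BAD` entry triggers the error.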

juxtin commented 2 months ago

Thanks for the report, @jdavis-etdx! I see you also opened and closed a PR for this, but I've gone ahead and created another solution in https://github.com/actions/dependency-review-action/pull/761.

jdavis-etdx commented 2 months ago

Excellent! I am just happy to get it resolved. Thanks @juxtin

juxtin commented 2 months ago

@jdavis-etdx v4.3.2 has been released and the v4 tag has been updated, so you shouldn't see this issue again.