Closed jdavis-etdx closed 2 months ago
Thanks for the report, @jdavis-etdx! I see you also opened and closed a PR for this, but I've gone ahead and created another solution in https://github.com/actions/dependency-review-action/pull/761.
Excellent! I am just happy to get it resolved. Thanks @juxtin
@jdavis-etdx v4.3.2 has been released and the v4 tag has been updated, so you shouldn't see this issue again.
The following change made in #753 is now causing using the allow-dependencies-licenses configuration to fail the action with the following error:
Error: Invalid purl(s) in allow-dependencies-licenses:...
when configured. This logic is indicating that if the error property for an object in the list is null, add it to the invalid_purls list, in which an exception is thrown if this list has at least one item. The correct logic should be to only add an item to the list if the error property contains a value.
https://github.com/actions/dependency-review-action/blob/e58c696e52cac8e62d61cc21fda89565d71505d7/src/config.ts#L235-L243
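
The inverted check described in the report, next to the corrected one, as an added example that is not part of the original report and is not the action's own code. `parsePurl` is a simplified, hypothetical parser, and the function names, the sample purls and the text after the colon in the error message are assumptions.

```typescript
// Added illustration; not code from actions/dependency-review-action.
interface ParsedPurl {
  raw: string
  error: string | null // null means the purl parsed cleanly
}

// Hypothetical, simplified shape check: pkg:<type>/<name>[@<version>]
function parsePurl(raw: string): ParsedPurl {
  if (raw.indexOf('pkg:') !== 0) {
    return {raw, error: 'missing "pkg:" scheme'}
  }
  const rest = raw.slice(4)
  const slash = rest.indexOf('/')
  if (slash <= 0) {
    return {raw, error: 'missing package type'}
  }
  const name = rest.slice(slash + 1).split('@')[0]
  if (name.length === 0) {
    return {raw, error: 'missing package name'}
  }
  return {raw, error: null}
}

// Inverted check from the report: entries WITHOUT an error get flagged,
// so a list made up only of valid purls fails validation.
function invalidPurlsInverted(purls: string[]): string[] {
  return purls.map(parsePurl).filter(p => p.error === null).map(p => p.raw)
}

// Corrected check: flag an entry only when its error property holds a value.
function invalidPurlsCorrected(purls: string[]): string[] {
  return purls.map(parsePurl).filter(p => p.error !== null).map(p => p.raw)
}

// Throws when the chosen check flags at least one entry.
// The list format after the colon is an assumption.
function validateAllowList(purls: string[], collect: (p: string[]) => string[]): void {
  const invalid = collect(purls)
  if (invalid.length > 0) {
    throw new Error('Invalid purl(s) in allow-dependencies-licenses: ' + invalid.join(', '))
  }
}

// Constructed sample input: two well-formed purls, plus one missing "pkg:".
const validOnly: string[] = ['pkg:npm/lodash@4.17.21', 'pkg:pypi/requests']
const mixed: string[] = validOnly.concat(['npm/lodash'])
```

With the inverted check, a configuration whose entries are all well-formed is exactly the one that fails, while a list made up only of malformed entries would pass.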