Closed xmudrii closed 3 weeks ago
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: saschagrunert, Verolop, xmudrii
The full list of commands accepted by this bot can be found here.
The pull request process is described here
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
It seems like the `dependency-review` action uses `api.deps.dev` to analyze vulnerabilities in packages: https://github.com/actions/dependency-review-action/blob/df5d74f5d3fc9748a904ea2f1dc6bdddea6439d6/src/scorecard.ts#L71
Given that we only allow specific URLs, it could be that the action can't reach this URL and instead fails with `fetch failed`.
Which issue(s) this PR fixes:
xref https://github.com/actions/dependency-review-action/issues/736 and https://github.com/kubernetes/release/pull/3641
Does this PR introduce a user-facing change?
/assign @saschagrunert @cpanato @Verolop
cc @kubernetes/release-engineering