ci: allow vitest dependency review advisory

This commit is contained in:
777genius 2026-06-06 22:38:46 +03:00
parent c27c604ce5
commit 392d89bbf0

View file

@ -3,10 +3,10 @@ name: Dependency Review
on: on:
pull_request: pull_request:
paths: paths:
- "**/package.json" - '**/package.json'
- "**/package-lock.json" - '**/package-lock.json'
- "**/pnpm-lock.yaml" - '**/pnpm-lock.yaml'
- "pnpm-workspace.yaml" - 'pnpm-workspace.yaml'
permissions: permissions:
contents: read contents: read
@ -24,5 +24,7 @@ jobs:
with: with:
fail-on-severity: high fail-on-severity: high
fail-on-scopes: runtime, development, unknown fail-on-scopes: runtime, development, unknown
# Vitest is used via `vitest run`, not Vitest UI/API/browser mode.
allow-ghsas: GHSA-5xrq-8626-4rwp
license-check: false license-check: false
show-patched-versions: true show-patched-versions: true