name: Dependency Review on: pull_request: paths: - "**/package.json" - "**/package-lock.json" - "**/pnpm-lock.yaml" - "pnpm-workspace.yaml" permissions: contents: read jobs: dependency-review: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v6 - name: Dependency Review uses: actions/dependency-review-action@v5 with: fail-on-severity: high fail-on-scopes: runtime, development, unknown license-check: false show-patched-versions: true