agent-ecosystem/.github/workflows/dependency-review.yml
2026-06-06 22:38:46 +03:00

30 lines
701 B
YAML

name: Dependency Review
on:
pull_request:
paths:
- '**/package.json'
- '**/package-lock.json'
- '**/pnpm-lock.yaml'
- 'pnpm-workspace.yaml'
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Dependency Review
uses: actions/dependency-review-action@v5
with:
fail-on-severity: high
fail-on-scopes: runtime, development, unknown
# Vitest is used via `vitest run`, not Vitest UI/API/browser mode.
allow-ghsas: GHSA-5xrq-8626-4rwp
license-check: false
show-patched-versions: true