chore: add dependency review #82

Merged: zitsen merged 1 commit into 3.0 from chore/add-dependency-review, Feb 11, 2026

@sheyanjie-qq (Contributor) commented Feb 9, 2026

Description

add dependency review

Issue(s)

Checklist

Please check the items in the checklist if applicable.

  • Is the user manual updated?
  • Are the test cases passed and automated?
  • Is there no significant decrease in test coverage?

Copilot AI review requested due to automatic review settings February 9, 2026 03:36
@gemini-code-assist

Summary of Changes

Hello @sheyanjie-qq, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, titled 'chore: add dependency review', aims to introduce dependency review capabilities. However, the provided patch primarily focuses on minor maintenance within the .gitignore file. Specifically, it adds .DS_Store to the ignore list and ensures a consistent newline at the end of the version.txt entry. The core 'dependency review' functionality mentioned in the title and description is not reflected in the code changes provided.

Highlights

  • .gitignore update: The .gitignore file has been modified to include .DS_Store in the list of ignored files.
  • File formatting: A trailing newline character has been added to the version.txt entry within the .gitignore file, ensuring consistent file formatting.

Changelog

  • .gitignore
    • Added .DS_Store to the list of ignored files.
    • Ensured the version.txt entry has a trailing newline character.

Ignored Files

  • Ignored by pattern: .github/workflows/** (4)
    • .github/workflows/ci.yml
    • .github/workflows/codeql.yml
    • .github/workflows/dependency-report.yml
    • .github/workflows/trivy-scan.yml

Activity

  • The pull request was opened by sheyanjie-qq with the title 'chore: add dependency review'.
  • The description states the intent to 'add dependency review' and includes a standard checklist for PRs.
  • No review comments or further activity have been recorded since the PR's creation based on the provided context.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request updates the .gitignore file to ignore .DS_Store files and adds a newline at the end of the file. These are good housekeeping changes. However, the title and description of the pull request mention 'dependency review', which doesn't seem to align with the actual changes. It would be helpful to update them to accurately reflect the modifications. I've also left a minor suggestion to improve the formatting of the .gitignore file.

Copilot AI left a comment

Pull request overview

Adds automated dependency/security scanning to the repository via GitHub Actions, alongside small CI and housekeeping updates.

Changes:

  • Add Trivy vulnerability + license scanning workflow with SARIF upload.
  • Add OWASP Dependency-Check “dependency report” workflow (scheduled + on PR).
  • Add CodeQL Advanced workflow for code scanning; update CI to use actions/checkout@v4 and tweak .gitignore.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| .gitignore | Ignore macOS .DS_Store and normalize version.txt ignore entry. |
| .github/workflows/ci.yml | Bump actions/checkout from v3 to v4. |
| .github/workflows/trivy-scan.yml | Introduce Trivy FS vulnerability scan + SARIF upload + license scan. |
| .github/workflows/dependency-report.yml | Introduce OWASP Dependency-Check scheduled/PR workflow and artifact upload. |
| .github/workflows/codeql.yml | Introduce CodeQL Advanced workflow configuration. |

@sheyanjie-qq force-pushed the chore/add-dependency-review branch 2 times, most recently from a3d1681 to e970f80, February 9, 2026 04:21
@sheyanjie-qq force-pushed the chore/add-dependency-review branch from e970f80 to 7c59ca7, February 9, 2026 05:35
@zitsen merged commit b9fda37 into 3.0, Feb 11, 2026 (6 checks passed)
@zitsen deleted the chore/add-dependency-review branch, February 11, 2026 03:19