chore(deps): Bump dotnet-stryker from 4.14.0 to 4.14.1 #11
```yaml
name: Dependency Review
# Scans dependency changes in PRs for known vulnerabilities (OSV/Advisory DB).
# Fails on HIGH or CRITICAL severity; MODERATE and below are reported only.
# Only runs on pull_request to main so it doesn't block direct pushes.

on:
  pull_request:
    branches: [main]

# Least privilege: read-only repo access, plus PR write so the action can
# post its summary comment (required by comment-summary-in-pr below).
permissions:
  contents: read
  pull-requests: write

jobs:
  dependency-review:
    name: Review dependency changes
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # continue-on-error: the dependency graph may not be indexed on first use after
    # enabling, and the action fails hard if the graph is unavailable. Findings are
    # still posted in the PR comment, but while this is true a HIGH/CRITICAL finding
    # will not turn the check red either, so the job does not actually block merges.
    # Remove this once the graph is indexed.
    continue-on-error: true
    steps:
      - uses: actions/checkout@v6
      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          # Fail the step if any added or updated dependency carries a HIGH or
          # CRITICAL advisory (fail-on-severity applies to that level and above).
          fail-on-severity: high
          # Post a summary comment on the PR with all findings
          comment-summary-in-pr: always
          # Reject any dependency whose SPDX license is on this list
          deny-licenses: GPL-2.0, LGPL-2.0, AGPL-3.0
          # Keep false so the failure above is enforced; warn-only: true would
          # downgrade every finding to a warning. MODERATE is already below the
          # fail threshold and is reported without failing.
          warn-only: false
```