Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add dependency review action #891

Merged
merged 1 commit into from
May 4, 2022
Merged

Add dependency review action #891

merged 1 commit into from
May 4, 2022

Conversation

ericwb
Copy link
Member

@ericwb ericwb commented May 3, 2022

This change adds a new GitHub Action that can check for a dependency that has known vulnerabilities being introduced via the pull request.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement

Signed-off-by: Eric Brown eric_wade_brown@yahoo.com

This change adds a new GitHub Action that can check for a dependency that has known vulnerabilities being introduced via the pull request.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
@sigmavirus24 sigmavirus24 merged commit c6b3db7 into PyCQA:main May 4, 2022
@ericwb ericwb deleted the dependency-review branch May 4, 2022 02:23
@mportesdev
Copy link
Contributor

Hi Eric, I guess the ericwb-patch-2 branch can also be deleted after this merge?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants