chore(dependencies): loosen constraints on dependency checker (#26708)

apache · Jan 22, 2024 · ffc357c · ffc357c
1 parent 3ed70d8
commit ffc357c
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -4,7 +4,7 @@
 #
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
-name: 'Dependency Review'
+name: "Dependency Review"
 on: [pull_request]
 
 permissions:
@@ -14,12 +14,12 @@ jobs:
  dependency-review:
  runs-on: ubuntu-latest
  steps:
- - name: 'Checkout Repository'
+ - name: "Checkout Repository"
  uses: actions/checkout@v3
- - name: 'Dependency Review'
+ - name: "Dependency Review"
  uses: actions/dependency-review-action@v2
  with:
- fail-on-severity: high
+ fail-on-severity: critical
  # compatible/incompatible licenses addressed here: https://www.apache.org/legal/resolved.html
  # find SPDX identifiers here: https://spdx.org/licenses/
  deny-licenses: MS-LPL, BUSL-1.1, QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02, AGPL-3.0, GPL-1.0+, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON