Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test package deny list 9 #11

Closed
wants to merge 3 commits into from
Closed

Test package deny list 9 #11

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
eb65890
Update DependencyReview.yml
AlexWilson-GIS Feb 27, 2024
1a27fb7
Update pom.xml
AlexWilson-GIS Feb 27, 2024
d7f1fae
Update dependency-review-config.yml
AlexWilson-GIS Feb 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/dependency-review-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,9 +65,9 @@ deny_packages:
- 'pkg:maven/org.apache.logging.log4j/[email protected]'
- 'pkg:maven/org.apache.logging.log4j/[email protected]'
# Any number of groups (namespaces in purl format) to block in a PR.
deny_groups:
#deny_groups:
# All log4j v1
- 'pkg:maven/log4j'
#- 'pkg:maven/log4j'
# Enable or disable retrying the action every 10 seconds while waiting for dependency submission actions to complete.
# This will have no effect on GHES until the Dependency Submission API is available.
retry_on_snapshot_warnings: true
Expand All @@ -78,4 +78,4 @@ warn_only: true
# We are not going to run license checks for now.
# We will look into running them later.
# This check doesn't run on GHES anyway due to limitations in the API, so enabling it would only change things in github.com
license_check: false
license_check: false
6 changes: 3 additions & 3 deletions .github/workflows/DependencyReview.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
uses: actions/dependency-review-action@v4
with:
# This argument supplies the configuration file in this repo to your action.
config-file: './.github/dependency-review-config.yml'
# You only need this if the repo containing the config file is not publicly accessible.
# This currently includes all GHES repos.
#external-repo-token: ${{ secrets.GITHUB_TOKEN }} # or a personal access token
#external-repo-token: ${{ secrets.GITHUB_TOKEN }} # or a personal access token
6 changes: 6 additions & 0 deletions my-app/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,12 @@
</properties>

<dependencies>
<!-- https://mvnrepository.com/artifact/log4j/log4j -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
Expand Down
Loading