issues Search Results · repo:actions/dependency-review-action language:TypeScript
174 results
Describe the bug
When submitting dependencies via the Dependency Submission API, License and ScoreCard Info is empty.
To Reproduce Steps to reproduce the behavior:
1. Report Dependencies via API. Example ...
bug
maennchen
- 1
- Opened 12 days ago
- #923
Is your feature request related to a problem? Please describe. When a dependency is added and dependency-review-action
is enabled after, the dependency isn't scanned.
Describe the solution you'd like ...
enhancement
Wovchena
- Opened 21 days ago
- #922
Describe the bug Error message mentions private repositories, but the action can know that the repository in question is
not private.
To Reproduce Steps to reproduce the behavior:
1. Go to https://github.com/check-spelling-sandbox/caffeine/actions/runs/14451650273/job/40525556101?pr=1#step:5:9 ...
bug
jsoref
- Opened 24 days ago
- #919
Describe the bug The dependency-review-action does not properly resolve package versions in C# projects that use
centralized package management (Directory.Packages.props). The action inspects only .csproj ...
bug
dave-schmitz1
- Opened 28 days ago
- #917
Describe the bug v4 tag should be updated to point to the latest v4.6.0
To Reproduce Steps to reproduce the behavior:
1. Go to Tags page
2. Look at the SHA of v4 and v4.6.0
Expected behavior SHA should ...
bug
fabasoad
- 3
- Opened on Apr 1
- #912
Describe the bug Hi! Docs contain explicit note about underscores in config file
https://github.com/actions/dependency-review-action?tab=readme-ov-file#option-2-using-an-external-configuration-file For ...
bug
ChesterEcwid
- Opened on Mar 31
- #909
Describe the bug Starting on version v4.3.4, the MIT license began displaying the following error:
The following dependencies have incompatible licenses:
.github/workflows/dependabot-dependency-review.yml ...
bug
mathiasquatorze
- 7
- Opened on Mar 17
- #907
Describe the bug
At a glance, (MIT OR Apache-2.0) AND Unicode-3.0 looks to me like a valid SPDX license but dependency-review-action is
having trouble with it.
https://github.com/Chia-Network/clvm_tools_rs/actions/runs/13433337446/job/37529914688?pr=88 ...
bug
altendky
- 7
- Opened on Feb 20
- #897
Describe the bug
I have a PR that upgrades our application from Nokogiri v1.18.2 to v1.18.3 to address the recent CVE. However, in that
PR the dependency review action is reporting v1.18.3 as vulnerable ...
bug
larouxn
- 6
- Opened on Feb 19
- #896
Describe the bug When using dependency-review-action@v4.5.0 inside a reusable workflow invoked from another repository,
the action consistently logs::
No snapshots were found for the head SHA commit-hash ...
bug
AppSecCharlie
- Opened on Feb 5
- #892
