ci: add dependency-review #963

Merged
merged 1 commit into from
Apr 14, 2022

tao12345666333
Member

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Type of change:

  • Bugfix
  • New feature provided
  • Improve performance
  • Backport patches

What this PR does / why we need it:

You can use the Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository.

xref: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement

Pre-submission checklist:

  • Did you explain what problem does this PR solve? Or what new features have been added?
  • Have you added corresponding test cases?
  • Have you modified the corresponding document?
  • Is this PR backward compatible? If it is not backward compatible, please discuss on the mailing list first

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
@gxthrj gxthrj merged commit 77ab065 into apache:master Apr 14, 2022
@tao12345666333 tao12345666333 deleted the ci-dep-review branch April 14, 2022 09:00
AlinsRan pushed a commit to AlinsRan/apisix-ingress-controller that referenced this pull request May 9, 2022
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
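
For reference, a workflow of the kind this PR's description refers to. This is an added example, not the workflow file merged in this PR; the file name `.github/workflows/dependency-review.yml`, the action version tags, the target branch filter and the `high` threshold are assumptions chosen for illustration.

```yaml
# .github/workflows/dependency-review.yml  (hypothetical path for this example)
name: dependency-review

# Run on pull requests only: the action compares the PR's base and head
# commits, so there is nothing for it to review on a plain push.
on:
  pull_request:
    branches:
      - master   # assumption: the branch this PR was merged into

# Least privilege: the job only needs to read repository contents.
# Every other GITHUB_TOKEN scope is dropped for all jobs in this workflow.
permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        # Assumption: tag used for readability. Pinning to a full commit
        # SHA you have verified is the stricter supply-chain choice.
        uses: actions/checkout@v4

      - name: Review dependency changes
        uses: actions/dependency-review-action@v4   # assumption: same note on pinning
        with:
          # Fail the check when the pull request introduces a dependency
          # version with a known vulnerability of this severity or higher.
          # Lower severities are still reported in the job output.
          fail-on-severity: high
```

The workflow only blocks a merge if the `dependency-review` job is configured as a required status check on the protected branch; otherwise a failure is advisory. The action relies on the repository's dependency graph being enabled.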