Pin version and ignore broken versions for dependency-review-action

See kachick/kachick.github.io#148 and kachick/wait-other-jobs#780 for the detail
kachick · Apr 30, 2024 · ef7a373 · ef7a373
1 parent 132b2b8
commit ef7a373
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -6,6 +6,13 @@ updates:
       interval: 'weekly'
     ignore:
       - dependency-name: 'crate-ci/typos'
+      - dependency-name: 'actions/dependency-review-action'
+        versions:
+          # https://github.com/actions/dependency-review-action/issues/759
+          - '4.3.1'
+          - '4.3.0'
+          # https://github.com/actions/dependency-review-action/issues/493
+          - '3.0.5'
     groups:
       determinatesystems-actions:
         patterns:

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -13,7 +13,7 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v4
+        uses: actions/dependency-review-action@v4.2.5
         with:
           # https://spdx.org/licenses/
           allow-licenses: MIT, BSD-3-Clause, BSD-2-Clause, 0BSD, Unlicense, ISC, Apache-2.0, CC-BY-4.0