⬆️ Bump the nuget-dependencies group with 2 updates #655
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Dependency Review' | |
| on: [pull_request, push, workflow_dispatch] | |
| permissions: | |
| contents: read | |
| # https://www.meziantou.net/how-to-cancel-github-workflows-when-pushing-new-commits-on-a-branch.htm | |
| concurrency: | |
| # pull request number or branch name if not a pull request | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| dependency-review: | |
| if: ${{ contains(github.event.pull_request.user.login, 'dependabot') }} == false && ${{ contains(github.event.issue.user.login, 'dependabot') }} == false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Checkout Repository' | |
| uses: actions/checkout@v4.1.7 | |
| - name: 'Dependency Review' | |
| uses: actions/dependency-review-action@v4 | |
| with: | |
| base-ref: master | |
| head-ref: master | |
| fail-on-severity: high | |
| - name: Check for vulnerable packages | |
| run: | | |
| set -e # This will cause the script to exit on the first error | |
| dotnet restore --force-evaluate | |
| OUTPUT=$(dotnet list package --vulnerable --include-transitive) | |
| echo "$OUTPUT" | |
| if echo "$OUTPUT" | grep -q 'Vulnerable'; then | |
| echo "Vulnerable packages found" | |
| exit 1 | |
| else | |
| echo "No vulnerable packages found" | |
| fi |