deps: bump serde_json from 1.0.149 to 1.0.150 #121
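# Runs dependency review on pull requests that target main.
# The review step is gated on a probe of the repository's dependency-graph
# SBOM endpoint: when the probe answers, the review runs; when it returns
# 403 or 404, the job emits a warning and finishes without reviewing.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each one to a full commit SHA (e.g. `owner/action@<full-commit-sha>  # vN`)
# keeps a moved or retagged release from changing what runs in this job.
name: Dependency Review

on:
  pull_request:
    branches:
      - main

# Job token is read-only; nothing in this workflow writes to the repository
# or to the pull request.
permissions:
  contents: read
  pull-requests: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # No later step runs an authenticated git command, so do not keep
          # the job token configured for git after the checkout finishes.
          persist-credentials: false

      - name: Detect dependency graph support
        id: depgraph
        uses: actions/github-script@v7
        with:
          script: |
            // Probe the SBOM export endpoint; success is taken to mean the
            // dependency graph is enabled for this repository.
            const { owner, repo } = context.repo;
            try {
              await github.request("GET /repos/{owner}/{repo}/dependency-graph/sbom", {
                owner,
                repo,
              });
              core.setOutput("enabled", "true");
              core.notice("Dependency graph is available; running dependency review.");
            } catch (error) {
              // 403/404 is treated as "dependency graph not enabled".
              // NOTE(review): this path fails open - the job ends green with
              // only a warning annotation and no review performed, so a
              // required status check on this job does not guarantee that a
              // review ran. A 403 may also have other causes (token scope or
              // rate limiting - confirm); if this check is meant to be
              // enforced, failing the step here is the safer default.
              if (error.status === 403 || error.status === 404) {
                core.setOutput("enabled", "false");
                core.warning(
                  "Dependency graph is unavailable; skipping dependency review. Enable Dependency graph in repository security analysis settings to enforce this check.",
                );
              } else {
                // Any other failure is unexpected: surface it and fail the job.
                throw error;
              }
            }

      - name: Dependency review
        # Runs only when the probe step reported the dependency graph as available.
        if: steps.depgraph.outputs.enabled == 'true'
        uses: actions/dependency-review-action@v4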