add a version #24
dependency-review.yml
on: pull_request
dependency-review
8s
Annotations
1 error and 2 warnings
dependency-review
Dependency review detected vulnerable packages.
|
dependency-review
Unexpected input(s) 'trusty-scores', 'trusty-show', valid inputs are ['repo-token', 'fail-on-severity', 'fail-on-scopes', 'base-ref', 'head-ref', 'config-file', 'allow-licenses', 'deny-licenses', 'allow-dependencies-licenses', 'allow-ghsas', 'external-repo-token', 'license-check', 'vulnerability-check', 'comment-summary-in-pr', 'deny-packages', 'deny-groups', 'retry-on-snapshot-warnings', 'retry-on-snapshot-warnings-timeout', 'warn-only', 'show-openssf-scorecard', 'warn-on-openssf-scorecard-level']
|
OpenSSF Scorecard Warning
npm/bluebird has an OpenSSF Scorecard of 1.8, which is less than this repository's threshold of 3.
|