Stirling-PDF/.github/workflows/dependency-review.yml

# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required,
# PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
name: "Dependency Review"
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
        with:
          egress-policy: audit

      - name: "Checkout Repository"
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: "Dependency Review"
        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-12-21 13:28:35 +01:00			`# Dependency Review Action`
			`#`
			`# This Action will scan dependency manifest files that change as part of a Pull Request,`
			`# surfacing known-vulnerable versions of the packages declared or updated in the PR.`
			`# Once installed, if the workflow run is marked as required,`
			`# PRs introducing known-vulnerable packages will be blocked from merging.`
			`#`
			`# Source repository: https://github.com/actions/dependency-review-action`
Bump: Harden Runner from v2.10.2 to v2.10.3 (#2686) # Description https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/197 https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/198 https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/199 ## Checklist - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have performed a self-review of my own code - [ ] I have attached images of the change if it is UI based - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] If my code has heavily changed functionality I have updated relevant docs on [Stirling-PDFs doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) - [x] My changes generate no new warnings - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) 2025-01-13 23:26:05 +01:00			`name: "Dependency Review"`
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-12-21 13:28:35 +01:00			`on: [pull_request]`

			`permissions:`
			`contents: read`

			`jobs:`
			`dependency-review:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Harden Runner`
Bump: Harden Runner from v2.10.2 to v2.10.3 (#2686) # Description https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/197 https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/198 https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/199 ## Checklist - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have performed a self-review of my own code - [ ] I have attached images of the change if it is UI based - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] If my code has heavily changed functionality I have updated relevant docs on [Stirling-PDFs doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) - [x] My changes generate no new warnings - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) 2025-01-13 23:26:05 +01:00			`uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3`
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-12-21 13:28:35 +01:00			`with:`
			`egress-policy: audit`

Bump: Harden Runner from v2.10.2 to v2.10.3 (#2686) # Description https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/197 https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/198 https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/199 ## Checklist - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have performed a self-review of my own code - [ ] I have attached images of the change if it is UI based - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] If my code has heavily changed functionality I have updated relevant docs on [Stirling-PDFs doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) - [x] My changes generate no new warnings - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) 2025-01-13 23:26:05 +01:00			`- name: "Checkout Repository"`
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-12-21 13:28:35 +01:00			`uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`
Bump: Harden Runner from v2.10.2 to v2.10.3 (#2686) # Description https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/197 https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/198 https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/199 ## Checklist - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have performed a self-review of my own code - [ ] I have attached images of the change if it is UI based - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] If my code has heavily changed functionality I have updated relevant docs on [Stirling-PDFs doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) - [x] My changes generate no new warnings - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) 2025-01-13 23:26:05 +01:00			`- name: "Dependency Review"`
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-12-21 13:28:35 +01:00			`uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0`