
chore(deps): bump the github-actions group across 1 directory with 6 updates #928

chore(deps): bump the github-actions group across 1 directory with 6 updates


# Copyright(C) 2025-2026 Advanced Micro Devices, Inc. All rights reserved.
# SPDX-License-Identifier: MIT
# Dependency review (SCA) — flags known-vulnerable or restrictively-licensed
# dependencies introduced by a PR. SAST is already handled by GitHub's
# default CodeQL setup (enabled at the repo level).
name: Dependency Review
on:
pull_request:
branches: [ main ]
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
workflow_dispatch:
# Cancel in-progress runs when a new run is triggered
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
name: Dependency Review
runs-on: ubuntu-latest
timeout-minutes: 10
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false || contains(github.event.pull_request.labels.*.name, 'ready_for_ci')
steps:
- uses: actions/checkout@v7
- name: Dependency Review
uses: actions/dependency-review-action@v5
with:
fail-on-severity: high
deny-licenses: GPL-3.0, AGPL-3.0
comment-summary-in-pr: on-failure
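Review bot: Both steps in this workflow (`uses: actions/checkout@v7`, `uses: actions/dependency-review-action@v5`) are referenced by mutable major-version tags, so a re-tag upstream would change what runs under `pull-requests: write` with no diff appearing in this file; pinning to a full-length commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@<commit-sha-placeholder> # v7`, keeps the bump auditable and still lets Dependabot update it. The workflow also triggers on `workflow_dispatch`, where the review action has no PR base/head to compare unless `base-ref`/`head-ref` inputs are given, so that trigger presumably fails at the step rather than reviewing anything — confirm against the action's README or drop the trigger. The `deny-licenses` value contains spaces after the commas; the action probably trims entries, but `deny-licenses: 'GPL-3.0,AGPL-3.0'` avoids relying on that.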