Bump dotnet-sdk from 9.0.102 to 9.0.200 (#248) #818
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Dependency Review' | |
| on: [pull_request, push, workflow_dispatch] | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| # https://www.meziantou.net/how-to-cancel-github-workflows-when-pushing-new-commits-on-a-branch.htm | |
| concurrency: | |
| # pull request number or branch name if not a pull request | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| dependency-review: | |
| if: github.actor != 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Checkout Repository' | |
| uses: actions/[email protected] | |
| - name: 'Dependency Review' | |
| uses: actions/dependency-review-action@v4 | |
| with: | |
| base-ref: master | |
| head-ref: master | |
| fail-on-severity: high | |
| comment-summary-in-pr: always | |
| - name: Set up .NET | |
| uses: actions/[email protected] | |
| with: | |
| global-json-file: global.json | |
| cache: true | |
| cache-dependency-path: '**/packages.lock.json' | |
| - name: Check for vulnerable packages | |
| run: | | |
| set -e # This will cause the script to exit on the first error | |
| dotnet restore --force-evaluate | |
| OUTPUT=$(dotnet list package --vulnerable --include-transitive) | |
| echo "$OUTPUT" | |
| if echo "$OUTPUT" | grep -q 'Vulnerable'; then | |
| echo "Vulnerable packages found" | |
| exit 1 | |
| else | |
| echo "No vulnerable packages found" | |
| fi |