From dd7d2d7b0dfed6de773e6c3f97be0b79a5612eae Mon Sep 17 00:00:00 2001 From: Marco Mariani Date: Thu, 2 Feb 2023 10:17:53 +0100 Subject: [PATCH 1/5] CI: dependency review action --- .github/workflows/dependency-review.yml | 28 +++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/workflows/dependency-review.yml diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 00000000000..faf4c8486a4 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,28 @@ +--- +name: Dependency review + +on: + push: + branches: + - master + - releases/** + paths-ignore: + - 'README.md' + pull_request: + branches: + - master + - releases/** + paths-ignore: + - 'README.md' + +jobs: + review: + name: "Dependency Review" + runs-on: ubuntu-latest + steps: + - name: Check out CrowdSec repository + uses: actions/checkout@v3 + - name: Dependency Review + uses: actions/dependency-review-action@v3 + with: + deny-licenses: 'GPL-1.0+' From 59f4af024ec963a2ffbea13c914edb0c7abaa6b3 Mon Sep 17 00:00:00 2001 From: Marco Mariani Date: Thu, 2 Feb 2023 11:44:54 +0100 Subject: [PATCH 2/5] wip --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index faf4c8486a4..da45c23831b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -25,4 +25,4 @@ jobs: - name: Dependency Review uses: actions/dependency-review-action@v3 with: - deny-licenses: 'GPL-1.0+' + deny-licenses: 'MIT' From c7e7acb2da08bb4d6007a813c3f279b064be6de7 Mon Sep 17 00:00:00 2001 From: marco Date: Fri, 2 Aug 2024 15:30:28 +0200 Subject: [PATCH 3/5] update action --- .github/workflows/dependency-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index da45c23831b..efe2a90a9b0 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,8 +21,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out CrowdSec repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Dependency Review - uses: actions/dependency-review-action@v3 + uses: actions/dependency-review-action@v4 with: deny-licenses: 'MIT' From 7414dac9e033a1c56624f534dc6b165bdf09e69e Mon Sep 17 00:00:00 2001 From: marco Date: Mon, 9 Feb 2026 13:58:38 +0100 Subject: [PATCH 4/5] update actions --- .github/workflows/codeql-analysis.yml | 4 ++-- .github/workflows/dependency-review.yml | 4 ++-- .github/workflows/docker-tests.yml | 2 +- .github/workflows/version.yml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 03ddd18dfbb..d294f3a2b4c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 + uses: github/codeql-action/init@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a # v3.32.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -81,4 +81,4 @@ jobs: make clean build BUILD_RE2_WASM=1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 + uses: github/codeql-action/analyze@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a # v3.32.2 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index efe2a90a9b0..5fa5f7c4496 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,8 +21,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out CrowdSec repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Dependency Review - uses: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 with: deny-licenses: 'MIT' diff --git a/.github/workflows/docker-tests.yml b/.github/workflows/docker-tests.yml index 4c30ba80062..9a1745568c3 100644 --- a/.github/workflows/docker-tests.yml +++ b/.github/workflows/docker-tests.yml @@ -54,7 +54,7 @@ jobs: run: docker network create net-test - name: Install uv - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 + uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0 with: version: 0.5.24 enable-cache: true diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 71a35e0d819..b88c615c475 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -23,7 +23,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v4 + - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: 20 @@ -63,7 +63,7 @@ jobs: # Deploy the build output directory (adjust ./dist to your framework output) - name: Publish to Cloudflare Pages - uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3 + uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3.14.1 with: apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} From 880b009a52471aae1b1e3297aa5d1cc2e291c5c0 Mon Sep 17 00:00:00 2001 From: marco Date: Mon, 9 Feb 2026 14:02:12 +0100 Subject: [PATCH 5/5] deny -> allow --- .github/workflows/dependency-review.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 5fa5f7c4496..d5249148efa 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,6 +15,9 @@ on: paths-ignore: - 'README.md' +permissions: + contents: read + jobs: review: name: "Dependency Review" @@ -25,4 +28,4 @@ jobs: - name: Dependency Review uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 with: - deny-licenses: 'MIT' + allow-licenses: 'MIT'