
[BUG] Dependency Review reports the Vulnerability which we are updating. #830


Closed
Shweta4398 opened this issue Sep 22, 2024 · 2 comments
Labels
bug Something isn't working Stale

Comments

@Shweta4398

Describe the bug
Hello,

I had a quick question: if changes are made to the package.json file, does the dependency review scan the lock file as well? But in the PR there are no changes made to the lock file.

Here, we saw an issue where a PR was raised by Dependabot to bump the body parser version from 1.20.2 to 1.20.3. The PR is making the change, but the dependency review check is failing here; I don't understand why.

Please find the attached screenshots!
Screenshot 2024-09-22 at 5 37 21 PM
Screenshot 2024-09-22 at 5 38 38 PM
Screenshot 2024-09-22 at 5 38 11 PM


@Shweta4398 Shweta4398 added the bug Something isn't working label Sep 22, 2024

👋 This issue has been marked as stale because it has been open with no activity for 180 days. You can: comment on the issue or remove the stale label to hold stalebot off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing, this issue will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions bot added the Stale label Mar 22, 2025

github-actions bot commented Apr 6, 2025

👋 This issue has been closed by stalebot because it has been open with no activity for over 180 days. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 6, 2025