Merge pull request #806 from finos/fix-private-to-private-contributions

feat: support secure interactions with private repositories 🔒
finos · Nov 20, 2024 · 4cf8c01 · 4cf8c01
2 parents 5ac891c + 793194f
commit 4cf8c01
Show file tree

Hide file tree

Showing 5 changed files with 254 additions and 125 deletions.
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -9,13 +9,13 @@ jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
-     - name: 'Checkout Repository'
-       uses: actions/checkout@v4
-     - name: Dependency Review
-       uses: actions/dependency-review-action@v4
-       with:
-        comment-summary-in-pr: always
-        fail-on-severity: high
-        allow-licenses: MIT, Apache-2.0, BSD-3-Clause, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0
-        fail-on-scopes: development, runtime
-        allow-dependencies-licenses: 'pkg:npm/caniuse-lite'
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          comment-summary-in-pr: always
+          fail-on-severity: high
+          allow-licenses: MIT, Apache-2.0, BSD-3-Clause, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, Zlib
+          fail-on-scopes: development, runtime
+          allow-dependencies-licenses: 'pkg:npm/caniuse-lite'