8000 Allow deny package removal by ellenfieldn · Pull Request #888 · actions/dependency-review-action · GitHub
[go: up one dir, main page]
Skip to content

Allow deny package removal #888

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 6, 2025
Merged

Allow deny package removal #888

merged 4 commits into from
Feb 6, 2025

Conversation

ellenfieldn
Copy link
Contributor

Summary

There was a bug where if a repository already has a dependency specified as part of deny_packages, the dependency review action will block any commit that attempts to remove that dependency. See #887

In deny.ts, there was no logic around whether the dependency was being added or removed as part of the change. By comparison, licenses are only rejected when dependencies are added or updated (which I believe shows up as two distinct changes -- an add and a remove).

This PR updates the behavior so that pre-existing dependencies not allowed as part of deny_packages can be removed. This works for each of the key scenarios:

  • Deny a package by name
  • Deny a package by name and version
  • Deny a package by namespace

@ellenfieldn ellenfieldn requested a review from a team as a code owner January 27, 2025 21:14
@AshelyTC
Copy link
Contributor
AshelyTC commented Feb 5, 2025

👋 @ellenfieldn thank you for contributing! There seems to be an error with the generated /dist files — it's failing in one of our CI checks. Could you try rebuilding the changes by running npm run build && npm run package?

@ellenfieldn
Copy link
Contributor Author

👋 @ellenfieldn thank you for contributing! There seems to be an error with the generated /dist files — it's failing in one of our CI checks. Could you try rebuilding the changes by running npm run build && npm run package?

Woops! Sorry about that, I think i crossed some streams when I merged from main.

Ran the commands and also enabled and ran the action in my fork just to be sure.

@AshelyTC AshelyTC merged commit ea2cae5 into actions:main Feb 6, 2025
6 checks passed
@brrygrdn brrygrdn mentioned this pull request Apr 1, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AshelyTC AshelyTC AshelyTC approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ellenfieldn @AshelyTC
0