Skip to content

ci(deps): bump actions/checkout from 4 to 6 #1

ci(deps): bump actions/checkout from 4 to 6

ci(deps): bump actions/checkout from 4 to 6 #1

Workflow file for this run

# SPDX-License-Identifier: Apache-2.0 OR MIT
# Scheduled supply-chain scanning and pull-request dependency review.
# Complements ci.yml (which runs cargo-deny on push); this re-scans on a weekly
# schedule to catch newly disclosed advisories against unchanged dependencies,
# and reviews dependency changes on pull requests.
name: security
on:
schedule:
- cron: "0 6 * * 1"
pull_request:
branches: [main]
workflow_dispatch:
permissions:
contents: read
jobs:
advisories:
name: cargo-deny (advisories, bans, licences, sources)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: EmbarkStudios/cargo-deny-action@v2
with:
command: check
dependency-review:
name: Dependency review
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v6
- uses: actions/dependency-review-action@v4