
Update dependency lucide-react to v1.23.0 #1082



---
# Dependency Review
#
# Fails a pull request that pulls in a dependency with a known vulnerability
# of severity high or above, or whose license is outside the accepted set
# configured below. Triggered for every PR that targets main.
#
# Ref: #1273
name: Dependency Review

on:
  pull_request:
    branches:
      - main

# One run per PR head: a newer push cancels the run still going for the
# previous head of the same PR.
concurrency:
  group: dependency-review-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# Workflow-wide default token scope is read-only; jobs widen only what they need.
permissions:
  contents: read

jobs:
  review:
    name: Dependency review
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
      # Required so the action can post its summary as a PR comment
      # (see comment-summary-in-pr below).
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Do not leave the checkout token behind in .git/config.
          persist-credentials: false

      - name: Dependency Review
        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
        with:
          fail-on-severity: high
          comment-summary-in-pr: on-failure
          # Licenses accepted for new dependencies: the permissive set plus the
          # file-level copyleft MPL-2.0. Keep in sync with
          # .github/workflows/license-compliance.yml.
          allow-licenses: >-
            Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC,
            MPL-2.0, Python-2.0, Unlicense, CC0-1.0
          # Individual dependencies exempted from the allow-list above.
          # SonarSource/sonarqube-scan-action is LGPL-3.0. It is a CI-only
          # GitHub Action that runs in an isolated workflow runner and is never
          # linked into the distributed wheel, so library-level LGPL obligations
          # do not reach the project's binaries.
          allow-dependencies-licenses: pkg:githubactions/SonarSource/sonarqube-scan-action