Jon Janego comments

Results 36 comments of


                                            Jon Janego

Blocking issues (should block but does not)

Hi @austimkelly, thank you for the feedback! re: > Additionally, allow-licenses and deny-licenses cannot be used together. This is by design. I've updated [the readme](https://github.com/actions/dependency-review-action/blob/main/README.md) to clarify the behavior.

Support for packages with multiple licenses

> We are using many packages which uses multiple packages HI @prakyathr thank you for following up on this. Could you clarify, do you mean you're using packages that use...

Support for packages with multiple licenses

@prakyathr Thanks for clarifying! We're going to look into this and will share an update when we have more information on next steps.

Add 'licence' field to /api/packages/<package> endpoint

👋 from the [GitHub dependency graph team](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph). We'd also love to have this data in the API, as it would help us report on license information in Dart packages. Currently...

Monkey patch to add method default_gem? to Bundler LazySpecification

Do we have usage stats on distribution of bundler 1 vs. bundler 2 jobs? Bundler v1 appears to not be "formally EOL", but by the transitive nature of its requirements,...

Monkey patch to add method default_gem? to Bundler LazySpecification

> > Bundler v1 appears to not be "formally EOL", but by the transitive nature of its requirements, it's effectively EOL. Per https://bundler.io/guides/bundler_2_upgrade.html v2 requires a minimum ruby version of...

Monkey patch to add method default_gem? to Bundler LazySpecification

> You can check Bundler policies [here](https://github.com/rubygems/rubygems/blob/master/bundler/doc/POLICIES.md#compatibility-guidelines). > > We should generalize them now that we've settled on "following Ruby". Last time we updated them it was 2022, and we...