# Dependency Review workflow: submits a uv.lock dependency snapshot and, on
# pull requests, runs the dependency review action (vulnerability severity
# gate, license allowlist, OpenSSF Scorecard display).
name: Dependency Review

on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop
    # Only PRs that touch a dependency manifest, a lockfile, or this workflow
    # file trigger the run.
    paths:
      - '**/package.json'
      - '**/package-lock.json'
      - '**/pyproject.toml'
      - '**/uv.lock'
      - '**/requirements*.txt'
      - '.github/workflows/dependency-review.yml'
  workflow_call:

# Workflow-wide default is read-only; the job below widens it explicitly.
permissions:
  contents: read

jobs:
  dependency-review:
    name: Review Dependencies
    runs-on: ubuntu-latest
    permissions:
      # Elevated for Dependency Submission API (uv.lock)
      # NOTE(review): a job-level grant applies to every step in this job,
      # not only to the submission step that needs it.
      contents: write
      pull-requests: write
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag the pin corresponds to.
      - name: Checkout code
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
        with:
          # Keep the job token out of the checked-out repository's git config.
          persist-credentials: false

      - name: Submit uv.lock dependencies
        # Runs on push (base snapshots) and non-fork PRs
        if: >-
          github.event_name == 'push' ||
          github.event.pull_request.head.repo.full_name == github.repository
        uses: advanced-security/component-detection-dependency-submission-action@b876b8cc341a53970394b33ea0ca4e86c25542de  # v0.1.3
        with:
          detectorArgs: 'UvLock=EnableIfDefaultOff'

      - name: Dependency Review
        if: github.event_name == 'pull_request'
        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294  # v5.0.0
        with:
          retry-on-snapshot-warnings: true
          retry-on-snapshot-warnings-timeout: 120
          fail-on-severity: moderate
          # GHSA-69w3-r845-3855 (CVE-2026-1839): transformers Trainer
          # arbitrary code execution via torch.load() without weights_only.
          # The advisory states the issue only affects torch>=2.2 used with
          # PyTorch < 2.6; the moderation eval pins torch==2.9.1 (>=2.6), so
          # safe_globals() protection applies and the path is not exploitable.
          # The only patched release (5.0.0rc3) is a pre-release that breaks
          # detoxify==0.5.2, which requires transformers<5.
          # NOTE(review): this exemption rests on the torch pin above and on
          # the detoxify constraint; re-evaluate it whenever either changes
          # or a stable patched transformers release becomes usable. The
          # allow-ghsas entry is not scoped to one manifest, so the advisory
          # is skipped wherever it would otherwise be reported.
          allow-ghsas: GHSA-69w3-r845-3855
          comment-summary-in-pr: always
          license-check: true
          allow-licenses: >-
            MIT,
            MIT-0,
            MIT-CMU,
            Apache-2.0,
            BSD-2-Clause,
            BSD-3-Clause,
            ISC,
            0BSD,
            BlueOak-1.0.0,
            CC0-1.0,
            Unlicense,
            CC-BY-4.0,
            CC-BY-3.0,
            PSF-2.0,
            Python-2.0,
            HPND,
            LicenseRef-scancode-secret-labs-2011,
            WTFPL,
            LicenseRef-scancode-unicode
          # Packages with compound SPDX expressions containing GPL or MPL
          # from bundled code; distributed licenses are permissive.
          #
          # pkg:npm/hve-core is the private root package (never published to
          # npm).
          #
          # pkg:pypi/certifi uses MPL-2.0 (Mozilla CA bundle).
          #
          # pkg:pypi/charset-normalizer is MIT licensed but some older wheel
          # metadata declares a compound SPDX expression; the action treats
          # compound expressions as a mismatch against allow-licenses.
          #
          # pkg:pypi/shapely declares a compound SPDX expression
          # (BSD-3-Clause AND LGPL-2.1-only); shapely's distributed code is
          # BSD-3-Clause and the LGPL component refers to bundled GEOS
          # headers.
          #
          # The mural skill keyring/cryptography stack below ships permissive
          # licenses (Apache-2.0, MIT, BSD-3-Clause, PSF-2.0) per each
          # project's source repository, but PyPI metadata reports "unknown"
          # so the action requires explicit allowlisting.
          #
          # pkg:npm/lightningcss (and its optional platform-specific
          # binaries) is MPL-2.0 licensed; it is pulled in transitively by
          # @docusaurus/faster's Rspack toolchain. MPL-2.0 is file-level
          # copyleft and safe to consume as a dependency.
          #
          # pkg:npm/uri-js declares a compound SPDX expression
          # (BSD-2-Clause AND BSD-2-Clause-Views); both components are
          # permissive BSD variants, but the action treats the compound
          # expression as a mismatch against allow-licenses.
          #
          # The pkg:pypi/torch ML stack below is the transitive dependency
          # graph of the moderation eval (scripts/evals/moderation). torch
          # resolves from the CPU-only wheel index
          # (download.pytorch.org/whl/cpu), so the nvidia-*-cu12 CUDA runtime
          # libraries are no longer pulled in. PyPI metadata reports
          # "unknown" for the remaining packages so the action cannot match
          # them against allow-licenses: torch is BSD-3-Clause; filelock is
          # Unlicense (public domain); hf-xet, idna, and safetensors ship
          # permissive licenses (Apache-2.0 / BSD-style) per their source
          # repositories. pkg:pypi/regex declares a compound SPDX expression
          # (CNRI-Python AND Apache-2.0) and is pulled transitively by
          # transformers; CNRI-Python is a permissive PSF-style license. The
          # moderation eval is an internal test harness, not a distributed
          # product.
          #
          # NOTE(review): the purls below carry no version, so each exemption
          # presumably covers every version of the package; re-verify the
          # license when one of them is upgraded. lxml, typing-extensions,
          # dompurify and lunr-languages have no individual rationale in the
          # notes above and are covered only by the general statement.
          allow-dependencies-licenses: >-
            pkg:pypi/lxml,
            pkg:pypi/typing-extensions,
            pkg:pypi/certifi,
            pkg:pypi/charset-normalizer,
            pkg:pypi/shapely,
            pkg:pypi/backports-tarfile,
            pkg:pypi/cryptography,
            pkg:pypi/jaraco-classes,
            pkg:pypi/jaraco-context,
            pkg:pypi/jaraco-functools,
            pkg:pypi/keyrings-alt,
            pkg:pypi/torch,
            pkg:pypi/filelock,
            pkg:pypi/hf-xet,
            pkg:pypi/idna,
            pkg:pypi/safetensors,
            pkg:pypi/regex,
            pkg:npm/dompurify,
            pkg:npm/lunr-languages,
            pkg:npm/lightningcss,
            pkg:npm/lightningcss-android-arm64,
            pkg:npm/lightningcss-darwin-arm64,
            pkg:npm/lightningcss-darwin-x64,
            pkg:npm/lightningcss-freebsd-x64,
            pkg:npm/lightningcss-linux-arm-gnueabihf,
            pkg:npm/lightningcss-linux-arm64-gnu,
            pkg:npm/lightningcss-linux-arm64-musl,
            pkg:npm/lightningcss-linux-x64-gnu,
            pkg:npm/lightningcss-linux-x64-musl,
            pkg:npm/lightningcss-win32-arm64-msvc,
            pkg:npm/lightningcss-win32-x64-msvc,
            pkg:npm/uri-js,
            pkg:npm/hve-core
          show-openssf-scorecard: true
          warn-on-openssf-scorecard-level: 3