Merge pull request #42 from ministryofjustice/feature/updates

🎨 Update repository
ministryofjustice · Feb 22, 2024 · fe77718 · fe77718
2 parents edc724a + dda3e68
commit fe77718
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 27 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,9 +1,11 @@
+---
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
 # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
 
 version: 2
+
 updates:
   - package-ecosystem: "bundler"
     directory: "/"

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -1,21 +1,28 @@
-# Need a GitHub Advanced Security license to run this action on private repos.
-
+---
 name: Dependency Review
+
 on:
   pull_request:
-    types: [opened, edited, reopened, synchronize]
+    types:
+      - edited
+      - opened
+      - reopened
+      - synchronize
 
-permissions:
-  contents: read
+permissions: {}
 
 jobs:
   dependency-review:
+    name: Dependency Review
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v4
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
       - name: Dependency Review
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
         with:
-          # Possible values: critical, high, moderate, low 
           fail-on-severity: critical
diff --git a/.github/workflows/format-code.yml b/.github/workflows/format-code.yml
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 Crown Copyright (Ministry of Justice)
+Copyright (c) 2024 Crown Copyright (Ministry of Justice)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -12,8 +12,8 @@ The repository comes with the following preset files:
 - .gitignore
 - CODEOWNERS
 - dependabot.yml
-- GitHub Actions example file
-- Ministry of Justice Compliance Badge (Public repositories only)
+- GitHub Actions example files
+- Ministry of Justice Compliance Badge (public repositories only)
 
 ## Setup Instructions
 
@@ -61,4 +61,6 @@ To add an Outside Collaborator to the repository, follow the guidelines detailed
 
 Adapt the dependabot.yml file to match your project's [dependency manager](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) and to enable [automated pull requests for package updates](https://docs.github.com/en/code-security/supply-chain-security).
 
-If your repository is private with no GitHub Advanced Security license, remove the .github/workflows/dependency-review.yml file.
+### Dependency Review
+
+If your repository is private with no GitHub Advanced Security license, remove the `.github/workflows/dependency-review.yml` file.