Bump Microsoft.Extensions.Http from 8.0.1 to 10.0.9 #3
dependabot-auto-merge.yml
on: pull_request
vuln-gate
/
check
3s
auto-merge
Annotations
3 errors, 1 warning, and 2 notices
|
❌ [VULN-GATE] Critical vulnerability gate failed
simplify9/SW-HttpExtensions is blocked — either the Dependabot Alerts API call failed, or an open CRITICAL-severity alert exists. Checkpoint — 1) Query alerts: ⏳ Pending. See the step above for affected package(s)/advisory ID(s).
|
|
vuln-gate / check
Process completed with exit code 1.
|
|
❌ [VULN-GATE] Missing dependabot-alerts-token
simplify9/SW-HttpExtensions — this gate requires a PAT/App token with 'Dependabot alerts: read', forwarded explicitly by the caller (GITHUB_TOKEN cannot access this API regardless of granted permissions). Add a dependabot-alerts-token entry (set to the DEPENDABOT_ALERTS_TOKEN org secret) to this job's secrets block in the caller workflow. Fails closed until forwarded.
|
|
vuln-gate / check
Can't add secret mask for empty string in ##[add-mask] command.
|
|
📝 [SUMMARY] Critical Dependabot Vulnerability Gate
status: failure
|
|
🔒 [VULN-GATE] Critical Vulnerability Check
repository: simplify9/SW-HttpExtensions
|