From b86ddd4964708d2518bf2bcbfaf42697f1ba258a Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Fri, 11 Nov 2022 22:37:40 +1000
Subject: [PATCH 1/3] feat(ci): add Dependency and License checks to build workflow
---
 .github/workflows/_build.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index f3118e7e..22daf709 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -65,6 +65,14 @@ jobs:
 with:
 fetch-depth: 0

+ # Dependency review scans for introduced vulnerabilities and compatible licenses.
+ - name: Dependency Review
+ uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
+ with:
+ fail-on-severity: moderate
+ license-check: true
+ vulnerability-check: true
+
 - name: Set up Python
 uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
From 9ff0cc050f92fc0e8d6f39a24994b276b1a52e9b Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Thu, 18 Jun 2026 12:37:43 +1000
Subject: [PATCH 2/3] chore: update Action and rebase
---
 .github/workflows/_build.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index 22daf709..59bb5efe 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -67,11 +67,13 @@ jobs:

 # Dependency review scans for introduced vulnerabilities and compatible licenses.
 - name: Dependency Review
- uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
+ uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
 with:
 fail-on-severity: moderate
- license-check: true
 vulnerability-check: true
+ license-check: true
+ allow-licenses:
+ comment-summary-in-pr: always

 - name: Set up Python
 uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
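Review bot: The added `Dependency Review` step has no `if:` guard, but dependency-review-action compares a base and a head ref and, unless `base-ref` and `head-ref` are passed explicitly, only works on pull-request-type events. The workflow's triggers and the job header lie outside this hunk; if `_build.yaml` is also reached from push, scheduled or release runs, the step would fail the build there instead of scanning anything. Adding `if: github.event_name == 'pull_request'` to the step (or supplying `base-ref`/`head-ref`) keeps the gate on runs that have a dependency diff to review. It is also worth saying in the step comment that the check covers only dependencies introduced by the change, not the existing dependency tree.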
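Review bot: `comment-summary-in-pr: always` makes the step post a pull-request comment, which needs `pull-requests: write` on the job token, and no `permissions:` change accompanies it in this hunk (the job header is outside it). With a read-only default token, or on pull requests from forks where the token is read-only, the summary will presumably not be posted. A job-level `permissions: {contents: read, pull-requests: write}` grants only what this step needs. If `_build.yaml` is a reusable workflow, as the name suggests, the calling workflow has to grant the same scopes, because a called workflow cannot raise its permissions above the caller's.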
From 45487a1bcc95f8f710b2f82ce08e298da3d64953 Mon Sep 17 00:00:00 2001
From: Jens Troeger
Date: Thu, 18 Jun 2026 12:43:03 +1000
Subject: [PATCH 3/3] chore: fix typo
---
 .github/workflows/_build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index 59bb5efe..cb305391 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -72,7 +72,7 @@ jobs:
 fail-on-severity: moderate
 vulnerability-check: true
 license-check: true
- allow-licenses:
+ # allow-licenses:
 comment-summary-in-pr: always

 - name: Set up Python
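Review bot: With `allow-licenses` commented out and no `deny-licenses` among the inputs shown, `license-check: true` has no policy to enforce, so the step comment's promise of checking for "compatible licenses" is not backed by the configuration. As far as the visible inputs go, a dependency under any license passes this step; only `fail-on-severity: moderate` gates the build. Either restore the key with a real list, `allow-licenses: <SPDX-ID>, <SPDX-ID>` (placeholder values), or state the gap in place: `# TODO: no license policy yet; license-check does not gate until allow-licenses or deny-licenses is set`. The step itself starts above this hunk.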