Skip to content

#ZH-3 - Applying small improvements to and Actions #676

New issue

Have a question about this project? Sign up for a free account to open an issue and contact its maintainers and the community.

Sign up for

By clicking “Sign up for ”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on ? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 27, 2022
Merged

#ZH-3 - Applying small improvements to and Actions #676

merged 2 commits into from
May 27, 2022

Conversation

israelboudoux
Copy link
Contributor

@israelboudoux israelboudoux commented May 25, 2022
edited
Loading

Adds a dependency-check to Action which verifies for vulnerabilities on dependencies and enables the use of WIP (Work in Progress) into PR titles.

#ZH-3 - Applying small improvements to and Actions for allowin…
3762db2
…g verification of vulnerabilities for dependencies (new or changes, not for the ones already contained into the repo) and enabling WIP for Pull Requests
@IlyasRidhuan
Copy link
Contributor

Can you add a description to what this PR is meant to do? It looks like it adds a check for vulnerable dependencies.

What is it actually doing under the hood. Running nom audit in the repo raises multiple vulnerabilities, yet this workflow passes.

@israelboudoux
Copy link
Contributor Author

Can you add a description to what this PR is meant to do? It looks like it adds a check for vulnerable dependencies.

What is it actually doing under the hood. Running nom audit in the repo raises multiple vulnerabilities, yet this workflow passes.

Short description added!
A double-check in vulnerabilities is never too much.

@ChaitanyaKonda
Copy link
Contributor

How do the following work ?

@israelboudoux
Copy link
Contributor Author

How do the following work ?

Hello Chaitanya,

  • The WIP thing is related to making your Pull request pending, I mean, by putting one of the words "WIP", "Work in Progress", "Do not merge" in the title will make it pending and this prevents someone of reviewing it in advance;
  • The dependency-check basically checks if new dependencies added in the PR run into vulnerabilities.

That is it!

@ChaitanyaKonda
Copy link
Contributor

ChaitanyaKonda commented May 26, 2022
edited
Loading

The WIP thing is related to making your Pull request pending, I mean, by putting one of the words "WIP", "Work in Progress", "Do not merge" in the title will make it pending and this prevents someone of reviewing it in advance;

Apologies if this might seem silly, what do you mean by Pending please. I am asking to understand how to use, it seems good to approve in general. I am sure David Ruiz or David Rodriguez will approve as soon as they see it

@IlyasRidhuan
Copy link
Contributor

LGTM

@israelboudoux
Copy link
Contributor Author

israelboudoux commented May 26, 2022
edited
Loading

The WIP thing is related to making your Pull request pending, I mean, by putting one of the words "WIP", "Work in Progress", "Do not merge" in the title will make it pending and this prevents someone of reviewing it in advance;

Apologies if this might seem silly, what do you mean by Pending please. I am asking to understand how to use, it seems good to approve in general. I am sure David Ruiz or David Rodriguez will approve as soon as they see it

Nw! Basically speaking the Pending state put the PR in a state where the Merge button isn't enabled and only the Administrator could merge it.

daveroga
daveroga approved these changes May 26, 2022
View reviewed changes
Copy link
Contributor

@daveroga daveroga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@WestladWestlad removed the question label May 27, 2022
@WestladWestlad merged commit 9eddeed into master May 27, 2022
@WestladWestlad deleted the zh#3-small-improvements-in- branch May 27, 2022 08:16
Sign up for free to join this conversation on . Already have an account? Sign in to comment
Reviewers

@druiz0992 druiz0992 druiz0992 approved these changes

@daveroga daveroga daveroga approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

6 participants
@israelboudoux @IlyasRidhuan @ChaitanyaKonda @druiz0992 @daveroga @Westlad