Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub Action to Detect Unused Dependencies #1274

Closed
palisadoes opened this issue Apr 9, 2023 · 2 comments
Closed

GitHub Action to Detect Unused Dependencies #1274

palisadoes opened this issue Apr 9, 2023 · 2 comments
Assignees
@anshgoyalevil
Labels
bug Something isn't working dependencies Pull requests that update a dependency file

Comments

@palisadoes
Copy link
Contributor

Describe the bug
We need a way to automatically detect unused dependencies as part of our GitHub Actions and fail if any are found.

  1. Receiving alerts for unused dependencies and performing upgrades to these dependencies is pointless.
  2. It also exposes our code base to potential exploits even though the risk is low

To Reproduce

N/A

Expected behavior

See Above

Actual behavior

See Above

Screenshots

N/A

Additional details

This package and other similar ones may be useful
@palisadoes palisadoes added the bug Something isn't working label Apr 9, 2023
@github-actions github-actions bot added dependencies Pull requests that update a dependency file unapproved Unapproved for Pull Request labels Apr 9, 2023
@anshgoyalevil
Copy link
Contributor

@palisadoes

I would like to work on it. Please assign it to me.

@palisadoes palisadoes removed the unapproved Unapproved for Pull Request label Apr 9, 2023
@anshgoyalevil
Copy link
Contributor

@palisadoes

Sir, this issue may be closed.

PalisadoesFoundation/talawa-admin#858 (comment)

There are no unused dependency in Talawa API, other than graphql-upload, removing which is redundant, since it would be used for file uploads in near future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@anshgoyalevil anshgoyalevil

Labels
bug Something isn't working dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@palisadoes @anshgoyalevil