[StepSecurity] Apply security best practices #11
Conversation
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
|
This is the setup for the GitHub Dependabot that checks for new versions of GitHub actions. |
|
CI is not happy here. I restricted merges if checks fail. It the problem of the failing tests known? |
|
Yes, sorry. I am in the middle of fixing some issue with the undocumented names test. I started to fix this on the small_fixes branch, but it is not ready yet. Problem is that there are two (out of many) names which are reexported from ExtendableFEMBase without Docstring (which I assumed is not necessary for reexports, since I don't do this for others as well). I have to continue to work on this later when I have more time. We can either merge this now or wait for this fix. It should be orthogonal. |
|
No reason to be sorry. I am happy that the CI Issue is already attacked in #12. Then we should wait for a proper fix there. |
|
@step-security-bot rebase |
|
let's see if it is smart enough. |
Summary
This pull request is created by StepSecurity at the request of @jpthiele. Please merge the Pull Request to incorporate the requested changes. Please tag @jpthiele on your message if you have any questions related to the PR.
Security Fixes
Keeping your actions up to date with Dependabot
With Dependabot version updates, when Dependabot identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).
Feedback
For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo.
Signed-off-by: StepSecurity Bot bot@stepsecurity.io