Skip to content

Remove development run time from fail-on-scope (Dependency Review) ✅ #514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JamieSlome merged 2 commits into from
Apr 5, 2024
Merged

Remove development run time from fail-on-scope (Dependency Review) ✅ #514

JamieSlome merged 2 commits into from
Apr 5, 2024

Conversation

@JamieSlome
Copy link
Member

@JamieSlome JamieSlome commented Apr 5, 2024

Unblocks CI for #506 & #335

@JamieSlome JamieSlome added the bug Something isn't working label Apr 5, 2024
@JamieSlome JamieSlome requested a review from maoo April 5, 2024 10:42
@JamieSlome JamieSlome self-assigned this Apr 5, 2024
@github-actions
Copy link

github-actions bot commented Apr 5, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@docusaurus/core ^3.0.0 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all last 30 commits are reviewed through GitHub
Maintained🟢 1030 commit(s) out of 30 and 26 issue activity out of 30 found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Vulnerabilities🟢 10no vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Packaging⚠️ -1no published package detected
License🟢 10license file detected
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Pinned-Dependencies🟢 10all dependencies are pinned
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 10security policy file detected
npm/@docusaurus/preset-classic ^3.0.0 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all last 30 commits are reviewed through GitHub
Maintained🟢 1030 commit(s) out of 30 and 26 issue activity out of 30 found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Vulnerabilities🟢 10no vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Packaging⚠️ -1no published package detected
License🟢 10license file detected
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Pinned-Dependencies🟢 10all dependencies are pinned
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 10security policy file detected
npm/classnames ^2.2.6 🟢 5.6
Details
CheckScoreReason
Code-Review🟢 3found 7 unreviewed changesets out of 10 -- score normalized to 3
Maintained🟢 1024 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
npm/clsx ^2.0.0 🟢 3.7
Details
CheckScoreReason
Code-Review⚠️ 2found 22 unreviewed changesets out of 30 -- score normalized to 2
Maintained⚠️ 11 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
npm/eslint ^8.0.0 🟢 6.9
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7found 6 unreviewed changesets out of 29 -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
npm/eslint-plugin-react ^7.23.2 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 7found 8 unreviewed changesets out of 27 -- score normalized to 7
Maintained🟢 1029 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
npm/react ^18.0.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
License🟢 10license file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 0179 existing vulnerabilities detected
npm/react-dom ^18.0.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
License🟢 10license file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 0179 existing vulnerabilities detected

Scanned Manifest Files

website/package.json
  • @docusaurus/core@^3.0.0
  • @docusaurus/preset-classic@^3.0.0
  • classnames@^2.2.6
  • clsx@^2.0.0
  • eslint@^8.0.0
  • eslint-plugin-react@^7.23.2
  • react@^18.0.0
  • react-dom@^18.0.0
  • @docusaurus/core@^3.0.0
  • @docusaurus/preset-classic@^3.0.0
  • classnames@^2.2.6
  • clsx@^2.0.0
  • eslint@^8.0.0
  • eslint-plugin-react@^7.23.2
  • react@^18.0.0
  • react-dom@^18.0.0

@netlify
Copy link

netlify bot commented Apr 5, 2024
edited
Loading

Deploy Preview for endearing-brigadeiros-63f9d0 ready!

Name Link
🔨 Latest commit 71e0d76
🔍 Latest deploy log https://app.netlify.com/sites/endearing-brigadeiros-63f9d0/deploys/660fd5a62bfae2000834d26f
😎 Deploy Preview https://deploy-preview-514--endearing-brigadeiros-63f9d0.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@JamieSlome JamieSlome mentioned this pull request Apr 5, 2024
Closed
@codecov
Copy link

codecov bot commented Apr 5, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 57.35%. Comparing base (afe4ff4) to head (71e0d76).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #514   +/-   ##
=======================================
  Coverage   57.35%   57.35%           
=======================================
  Files          39       39           
  Lines        1060     1060           
=======================================
  Hits          608      608           
  Misses        452      452

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

maoo
maoo approved these changes Apr 5, 2024
View reviewed changes
Copy link
Member

@maoo maoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@JamieSlome JamieSlome merged commit bfee678 into main Apr 5, 2024
@JamieSlome JamieSlome deleted the fix/dev-dependency-consumption-for-docs branch April 5, 2024 10:49
@JamieSlome JamieSlome mentioned this pull request Apr 5, 2024
Merged
Psingle20 pushed a commit to Psingle20/git-proxy that referenced this pull request Nov 27, 2024
@JamieSlome
Merge pull request finos#514 from finos/fix/dev-dependency-consumptio…
941a1dc 
…n-for-docs

Remove development run time from `fail-on-scope` (Dependency Review) ✅
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maoo maoo maoo approved these changes

Assignees

@JamieSlome JamieSlome

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JamieSlome @maoo