-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🛡️ Security | Upgrade to latest dependencies in GHA & tweak installs/build #7
Conversation
There's probably a few more things that could be done to beef up CI security:
|
@Fdawgs good looking on the updating the actions, bad C+P on our end 😄 I'll take a look at the permissions. On the npm install vs ci I think thats the issue I hit... with the peerDep |
Gotcha, I can see that now in the CI test failure, will revert. |
@Fdawgs looks like its still failing (no idea why tbh) also made changes to deploy process so might conflict I'm happy to merge just the updates to the GHA actions and do the |
Signed-off-by: Zac Rosenbauer <zacrosenbauer@gmail.com>
Signed-off-by: Zac Rosenbauer <zac@joggr.io>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Until we can figure out the npm i
I don't want to merge, we can merge in the GHA upgrades though
sounds good, will update PR. |
Description
This PR:
actions/checkout
can be found hereactions/setup-node
can be found hereReferences
N/A
Testing
Checklist
main